logo
Vulnerability feed
CONTRIBUTE

Vulnerability

warn

CVE-2023-3706

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2023-3706

Description:
The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the title of arbitrary post (such as draft and private) via an IDOR vector
Last updated date:
10/18/2023
Type:
exploit
Confidence:
HIGH
Date of publishing:
10/18/2023
Reference url to background

https://wpscan.com/vulnerability/daa4d93a-f8b1-4809-a18e-8ab63a05de5a

Vulnerability FeedContributorsAboutBlog

@inTheWild

©2024

Privacy Policy