First published: Mon Oct 16 2023
The ActivityPub WordPress plugin before 1.0.0 does not sanitize and escape some data from post content, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Automattic Activitypub | <1.0.0 | |
The vulnerability ID is CVE-2023-3746.
The severity of CVE-2023-3746 is medium.
The affected software is the ActivityPub WordPress plugin before version 1.0.0.
An attacker with the contributor role or above could perform Stored Cross-Site Scripting attacks using this vulnerability.
Upgrading to version 1.0.0 or later of the ActivityPub WordPress plugin will fix this vulnerability.