First published: Mon Oct 16 2023
The ActivityPub WordPress plugin before 1.0.0 does not escape user metadata before outputting it in mentions, which could allow users with a role of Contributor and above to perform stored XSS attacks.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Automattic Activitypub | <1.0.0 | |
CVE-2023-5057 is a vulnerability in the ActivityPub WordPress plugin before version 1.0.0 that allows stored XSS attacks.
CVE-2023-5057 allows users with a role of Contributor and above to perform stored XSS attacks in WordPress.
CVE-2023-5057 is rated 'medium' severity, with a severity value of 5.4.
To fix CVE-2023-5057, update the ActivityPub WordPress plugin to version 1.0.0 or later.
More information about CVE-2023-5057 can be found at the following reference: [link](https://wpscan.com/vulnerability/58a63507-f0fd-46f1-a80c-6b1c41dddcf5).