← back
CVE-2023-3746

ActivityPub for WordPress < 1.0.1 - Contributor+ Stored XSS

CVSS 5.4 MEDIUMEPSS 0.4%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.4EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
16 Oct 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The ActivityPub WordPress plugin before 1.0.0 does not sanitize and escape some data from post content, which could allow contributor and above role to perform Stored Cross-Site Scripting attacks
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected products
Unknown · ActivityPub