CVE-2023-3706

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Oct 16, 2023

Updated: Nov 7, 2023

CWE ID 79

Summary

CVE-2023-3706 is a vulnerability affecting the ActivityPub WordPress plugin before version 1.0.0. This issue permits authenticated users, including subscribers, to access the titles of arbitrary posts, even if they are drafts or private. The plugin fails to ensure that displayed post titles are limited to its own content, exposing an Insecure Direct Object Reference (IDOR) vector. This vulnerability can potentially lead to unauthorized access to sensitive information.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Chamilo

Affected Vendors

Chamilo

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rz92nU
https://www.cve.org/CVERecord?id=CVE-2023-3706
https://nvd.nist.gov/vuln/detail/CVE-2023-3706

Back to Vulnerability Database