CVE-2023-3707

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Oct 16, 2023

Updated: Nov 7, 2023

CWE ID 79

Summary

CVE-2023-3707: The ActivityPub WordPress plugin, prior to version 1.0.0, fails to properly restrict access to post contents, allowing authenticated users, including subscribers, to gain unauthorized access to arbitrary draft or private posts through an Insecure Direct Object Reference (IDOR) vulnerability. This issue does not impact password-protected posts.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Code Projects

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rz-Rph
https://www.cve.org/CVERecord?id=CVE-2023-3707
https://nvd.nist.gov/vuln/detail/CVE-2023-3707

Back to Vulnerability Database

CVE-2023-3707

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations