CVE-2023-5057

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Oct 16, 2023

Updated: Nov 7, 2023

CWE ID 835

Summary

CVE-2023-5057 is a stored Cross-Site Scripting (XSS) vulnerability affecting the ActivityPub WordPress plugin before version 1.0.0. This issue arises due to the plugin's failure to properly escape user metadata before outputting it in mentions. Contributors and users with higher roles can exploit this flaw to inject malicious scripts into a targeted website, potentially compromising the integrity of user data or gaining unauthorized access. Users are advised to update the plugin to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tw7Tld
https://www.cve.org/CVERecord?id=CVE-2023-5057
https://nvd.nist.gov/vuln/detail/CVE-2023-5057

Back to Vulnerability Database

CVE-2023-5057

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations