CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3706 – ActivityPub for WordPress < 1.0.0 - Subscriber+ Arbitrary Post Title Disclosure
https://notcve.org/view.php?id=CVE-2023-3706
The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the title of arbitrary post (such as draft and private) via an IDOR vector El complemento ActivityPub de WordPress anterior a 1.0.0 no garantiza que los títulos de las publicaciones que se mostrarán sean públicos y pertenezcan al complemento, lo que permite a cualquier usuario autenticado, como un suscriptor, recuperar el título de una publicación arbitraria (como borrador y privada) a través de un IDOR vector The ActivityPub plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 0.17.0 due to missing validation on a user controlled key. This can allow authenticated attackers, with subscriber-level permissions and above, to expose potentially sensitive post titles (e.g., draft and private post titles). • https://wpscan.com/vulnerability/daa4d93a-f8b1-4809-a18e-8ab63a05de5a • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3707 – ActivityPub for WordPress < 1.0.0 - Subscriber+ Arbitrary Post Content Disclosure
https://notcve.org/view.php?id=CVE-2023-3707
The ActivityPub WordPress plugin before 1.0.0 does not ensure that post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the content of arbitrary post (such as draft and private) via an IDOR vector. Password protected posts are not affected by this issue. El complemento ActivityPub de WordPress anterior a 1.0.0 no garantiza que los contenidos de las publicaciones que se mostrarán sean públicos y pertenezcan al complemento, lo que permite a cualquier usuario autenticado, como un suscriptor, recuperar el contenido de una publicación arbitraria (como borrador y privada) a través de un IDOR vector. Las publicaciones protegidas con contraseña no se ven afectadas por este problema. The ActivityPub plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 0.17.0 due to missing validation on a user controlled key. • https://wpscan.com/vulnerability/541bbe4c-3295-4073-901d-763556269f48 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3746 – ActivityPub for WordPress < 1.0.1 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-3746
The ActivityPub WordPress plugin before 1.0.0 does not sanitize and escape some data from post content, which could allow contributor and above role to perform Stored Cross-Site Scripting attacks El complemento ActivityPub de WordPress anterior a 1.0.0 no sanitiza ni escapa algunos datos del contenido de la publicación, lo que podría permitir que el colaborador y el rol superior realicen ataques de Cross-Site Scripting almacenados. The ActivityPub plugin for WordPress is vulnerable to Stored Cross-Site Scripting via certain post content in versions up to, and including, 0.17.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/c15a6032-6495-47a8-828c-37e55ed9665a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5057 – ActivityPub for WordPress < 1.0.0 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-5057
The ActivityPub WordPress plugin before 1.0.0 does not escape user metadata before outputting them in mentions, which could allow users with a role of Contributor and above to perform Stored XSS attacks El complemento ActivityPub de WordPress anterior a 1.0.0 no escapa a los metadatos del usuario antes de mostrarlos en menciones, lo que podría permitir a los usuarios con un rol de Colaborador y superior realizar ataques XSS almacenados. The ActivityPub plugin for WordPress is vulnerable to Stored Cross-Site Scripting via user metadata in versions up to, and including, 0.17.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/58a63507-f0fd-46f1-a80c-6b1c41dddcf5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37871 – WordPress WooCommerce GoCardless Gateway Plugin <= 2.5.6 is vulnerable to Insecure Direct Object References (IDOR)
https://notcve.org/view.php?id=CVE-2023-37871
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless.This issue affects GoCardless: from n/a through 2.5.6. Vulnerabilidad de omisión de autorización a través de clave controlada por el usuario en WooCommerce GoCardless. Este problema afecta a GoCardless: desde n/a hasta 2.5.6. The WooCommerce GoCardless Gateway plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.5.6. This is due to missing validation on a user controlled key. • https://patchstack.com/database/vulnerability/woocommerce-gateway-gocardless/wordpress-woocommerce-gocardless-gateway-plugin-2-5-6-unauthenticated-insecure-direct-object-references-idor-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key •