[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fL-3p1grVp6EZnR7hgZ4flgjA61LPkKpvo6vChWLcgc4":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2023-3707","activitypub-authenticated-subscriber-insecure-direct-object-reference-to-sensitive-post-content-exposure","ActivityPub \u003C= 0.17.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Sensitive Post Content Exposure","The ActivityPub plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 0.17.0 due to missing validation on a user-controlled key. This can allow authenticated attackers, with subscriber-level permissions and above, to expose sensitive post information (e.g., draft and private post content).","activitypub",null,"\u003C=0.17.0","1.0.0","medium",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Authorization Bypass Through User-Controlled Key","2023-09-25 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa1c6ad5a-bc76-4012-acc6-35f742e0869e?source=api-prod",120]