[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQdp3q3AWHq4wtZK4QgVjpEckTeEJTDBCETGtMnDnY8Y":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2023-3706","activitypub-authenticated-subscriber-insecure-direct-object-reference-to-sensitive-post-title-exposure","ActivityPub \u003C= 0.17.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Sensitive Post Title Exposure","The ActivityPub plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 0.17.0 due to missing validation on a user-controlled key. This can allow authenticated attackers, with subscriber-level permissions and above, to expose potentially sensitive post titles (e.g., draft and private post titles).","activitypub",null,"\u003C=0.17.0","1.0.0","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N","Authorization Bypass Through User-Controlled Key","2023-09-25 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd1b92249-bc18-4939-aefa-286667f6c003?source=api-prod",120]