The ActivityPub WordPress plugin before 1.0.0 does not escape user metadata before outputting them in mentions, which could allow users with a role of Contributor and above to perform Stored XSS attacks
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/58a63507-f0fd-46f1-a80c-6b1c41dddcf5 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2023-10-16T19:39:13.142Z
Updated: 2023-10-16T19:39:13.142Z
Reserved: 2023-09-18T20:14:19.297Z
Link: CVE-2023-5057
JSON object: View
NVD Information
Status : Modified
Published: 2023-10-16T20:15:17.573
Modified: 2023-11-07T04:23:25.100
Link: CVE-2023-5057
JSON object: View
Redhat Information
No data.
CWE
No CWE.