CVSS 3.1 Score 5.4 of 10 (medium)


Published Oct 16, 2023
Updated: Nov 7, 2023


CVE-2023-3746 is a vulnerability found in the ActivityPub WordPress plugin before version 1.0.0. This vulnerability allows contributors and higher roles to perform Stored Cross-Site Scripting attacks by not properly sanitizing and escaping data from post content. The vulnerability has a base severity rating of MEDIUM with a base score of 5.4 according to [email protected]. The affected products include various versions of WordPress plugins, and the danger lies in the potential for attackers to inject malicious scripts into websites, leading to unauthorized access, data theft, or other forms of compromise. To remediate this vulnerability, users are advised to update the ActivityPub WordPress plugin to version 1.0.0 or later, which includes the necessary fixes for this issue.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-3746 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options