CVE-2023-3706

Name of the Vulnerable Software and Affected Versions ActivityPub WordPress plugin versions prior to 1.0.0

Description The issue allows any authenticated user to retrieve the title of arbitrary posts, including drafts and private ones, via an IDOR vector. This occurs because the plugin does not ensure that post titles to be displayed are public and belong to the plugin.

Recommendations For versions prior to 1.0.0, update to version 1.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive posts or implementing additional authentication measures to minimize the risk of exploitation.