SB2023101851 - Multiple vulnerabilities in ActivityPub plugin for WordPress

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Stored cross-site scripting (CVE-ID: CVE-2023-5057)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

2) Authorization bypass through user-controlled key (CVE-ID: CVE-2023-3707)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the affected plugin does not ensure that post contents to be displayed are public and belong to the plugin. A remote user can retrieve the content of arbitrary post via an IDOR vector

3) Authorization bypass through user-controlled key (CVE-ID: CVE-2023-3706)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the affected plugin does not ensure that post titles to be displayed are public and belong to the plugin. A remote user can retrieve the title of arbitrary post via an IDOR vector.

Remediation

Install update from vendor's website.

References

• https://wpscan.com/vulnerability/58a63507-f0fd-46f1-a80c-6b1c41dddcf5
• https://wpscan.com/vulnerability/541bbe4c-3295-4073-901d-763556269f48
• https://wpscan.com/vulnerability/daa4d93a-f8b1-4809-a18e-8ab63a05de5a