Vulnerability Name: ActivityPub for WordPress < 1.0.0 - Contributor+ Stored XSS Description: The plugin does not escape user metadata before outputting them in mentions, allowing users with a role of Contributor and above to perform Stored XSS attacks. Proof of Concept: As a contributor, put the following payload in a post and the XSS will be triggered when viewing/previewing the post. Affected Plugin: activitypub (Fixed in 1.0.0) References: CVE-2023-5057 Classification: - Type: XSS - OWASP Top 10: A7: Cross-Site Scripting (XSS) - CWE: CWE-79 - CVSS: 6.8 (medium) Original Researcher: Ben Bidner Verified: Yes WPVDB ID: 58a63507-f0fd-46f1-a80c-6b1c41dddcf5 Timeline: - Publicly Published: 2023-09-25 (about 2 years ago) - Added: 2023-09-25 (about 2 years ago) - Last Updated: 2023-09-25 (about 2 years ago) Other Vulnerabilities: - Crowdsignal Dashboard < 3.1.0 - Reflected Cross-Site Scripting - Ultimate Dashboard < 3.7.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings - Real Cookie Banner < 5.1.6 - Admin+ Stored XSS - Quiz And Survey Master < 6.3.5 - Authenticated Reflected XSS - Uji Countdown <= 2.0.6 - Cross-Site Scripting (XSS)