High severity7.5NVD Advisory· Published Apr 8, 2026· Updated Apr 14, 2026
CVE-2026-4338
CVE-2026-4338
Description
The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowed unauthenticated users to access drafts/scheduled/pending posts
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:automattic:activitypub:*:*:*:*:*:wordpress:*:*+ 1 more
- cpe:2.3:a:automattic:activitypub:*:*:*:*:*:wordpress:*:*range: <8.0.2
- (no CPE)range: <8.0.2
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/50f68395-72fc-4f99-8e6d-6aa90cc640b5/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.