Vulnerability Details CVE-2026-4338
The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowed unauthenticated users to access drafts/scheduled/pending posts
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.8%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2026-4338
-
cpe:2.3:a:automattic:activitypub:0.0.1
-
cpe:2.3:a:automattic:activitypub:0.0.2
-
cpe:2.3:a:automattic:activitypub:0.1.0
-
cpe:2.3:a:automattic:activitypub:0.1.1
-
cpe:2.3:a:automattic:activitypub:0.10.0
-
cpe:2.3:a:automattic:activitypub:0.10.1
-
cpe:2.3:a:automattic:activitypub:0.11.0
-
cpe:2.3:a:automattic:activitypub:0.11.1
-
cpe:2.3:a:automattic:activitypub:0.11.2
-
cpe:2.3:a:automattic:activitypub:0.12.0
-
cpe:2.3:a:automattic:activitypub:0.13.0
-
cpe:2.3:a:automattic:activitypub:0.13.1
-
cpe:2.3:a:automattic:activitypub:0.13.2
-
cpe:2.3:a:automattic:activitypub:0.13.3
-
cpe:2.3:a:automattic:activitypub:0.13.4
-
cpe:2.3:a:automattic:activitypub:0.14.0
-
cpe:2.3:a:automattic:activitypub:0.14.1
-
cpe:2.3:a:automattic:activitypub:0.14.2
-
cpe:2.3:a:automattic:activitypub:0.14.3
-
cpe:2.3:a:automattic:activitypub:0.15.0
-
cpe:2.3:a:automattic:activitypub:0.16.0
-
cpe:2.3:a:automattic:activitypub:0.16.1
-
cpe:2.3:a:automattic:activitypub:0.16.2
-
cpe:2.3:a:automattic:activitypub:0.16.3
-
cpe:2.3:a:automattic:activitypub:0.16.4
-
cpe:2.3:a:automattic:activitypub:0.16.5
-
cpe:2.3:a:automattic:activitypub:0.17.0
-
cpe:2.3:a:automattic:activitypub:0.2.0
-
cpe:2.3:a:automattic:activitypub:0.2.1
-
cpe:2.3:a:automattic:activitypub:0.3.0
-
cpe:2.3:a:automattic:activitypub:0.3.1
-
cpe:2.3:a:automattic:activitypub:0.3.2
-
cpe:2.3:a:automattic:activitypub:0.4.0
-
cpe:2.3:a:automattic:activitypub:0.4.1
-
cpe:2.3:a:automattic:activitypub:0.4.2
-
cpe:2.3:a:automattic:activitypub:0.4.3
-
cpe:2.3:a:automattic:activitypub:0.4.4
-
cpe:2.3:a:automattic:activitypub:0.5.0
-
cpe:2.3:a:automattic:activitypub:0.5.1
-
cpe:2.3:a:automattic:activitypub:0.6.0
-
cpe:2.3:a:automattic:activitypub:0.7.0
-
cpe:2.3:a:automattic:activitypub:0.7.1
-
cpe:2.3:a:automattic:activitypub:0.7.2
-
cpe:2.3:a:automattic:activitypub:0.7.3
-
cpe:2.3:a:automattic:activitypub:0.7.4
-
cpe:2.3:a:automattic:activitypub:0.8.0
-
cpe:2.3:a:automattic:activitypub:0.8.1
-
cpe:2.3:a:automattic:activitypub:0.8.2
-
cpe:2.3:a:automattic:activitypub:0.8.3
-
cpe:2.3:a:automattic:activitypub:0.9.0
-
cpe:2.3:a:automattic:activitypub:0.9.1
-
cpe:2.3:a:automattic:activitypub:1.0.0
-
cpe:2.3:a:automattic:activitypub:1.0.1
-
cpe:2.3:a:automattic:activitypub:1.0.10
-
cpe:2.3:a:automattic:activitypub:1.0.2
-
cpe:2.3:a:automattic:activitypub:1.0.3
-
cpe:2.3:a:automattic:activitypub:1.0.4
-
cpe:2.3:a:automattic:activitypub:1.0.5
-
cpe:2.3:a:automattic:activitypub:1.0.6
-
cpe:2.3:a:automattic:activitypub:1.0.7
-
cpe:2.3:a:automattic:activitypub:1.0.8
-
cpe:2.3:a:automattic:activitypub:1.0.9
-
cpe:2.3:a:automattic:activitypub:1.1.0
-
cpe:2.3:a:automattic:activitypub:1.2.0
-
cpe:2.3:a:automattic:activitypub:1.3.0
-
cpe:2.3:a:automattic:activitypub:2.0.0
-
cpe:2.3:a:automattic:activitypub:2.0.1
-
cpe:2.3:a:automattic:activitypub:2.1.0
-
cpe:2.3:a:automattic:activitypub:2.1.1
-
cpe:2.3:a:automattic:activitypub:2.2.0
-
cpe:2.3:a:automattic:activitypub:2.3.0
-
cpe:2.3:a:automattic:activitypub:2.3.1
-
cpe:2.3:a:automattic:activitypub:2.4.0
-
cpe:2.3:a:automattic:activitypub:2.5.0
-
cpe:2.3:a:automattic:activitypub:2.6.0
-
cpe:2.3:a:automattic:activitypub:2.6.1
-
cpe:2.3:a:automattic:activitypub:3.0.0
-
cpe:2.3:a:automattic:activitypub:3.1.0
-
cpe:2.3:a:automattic:activitypub:3.2.0
-
cpe:2.3:a:automattic:activitypub:3.2.1
-
cpe:2.3:a:automattic:activitypub:3.2.2
-
cpe:2.3:a:automattic:activitypub:3.2.3
-
cpe:2.3:a:automattic:activitypub:3.2.4
-
cpe:2.3:a:automattic:activitypub:3.2.5
-
cpe:2.3:a:automattic:activitypub:3.3.0
-
cpe:2.3:a:automattic:activitypub:3.3.1
-
cpe:2.3:a:automattic:activitypub:3.3.2
-
cpe:2.3:a:automattic:activitypub:3.3.3
-
cpe:2.3:a:automattic:activitypub:4.0.0
-
cpe:2.3:a:automattic:activitypub:4.0.1
-
cpe:2.3:a:automattic:activitypub:4.0.2
-
cpe:2.3:a:automattic:activitypub:4.1.0
-
cpe:2.3:a:automattic:activitypub:4.1.1
-
cpe:2.3:a:automattic:activitypub:4.2.0
-
cpe:2.3:a:automattic:activitypub:4.2.1
-
cpe:2.3:a:automattic:activitypub:4.3.0
-
cpe:2.3:a:automattic:activitypub:4.4.0
-
cpe:2.3:a:automattic:activitypub:4.5.0
-
cpe:2.3:a:automattic:activitypub:4.5.1
-
cpe:2.3:a:automattic:activitypub:4.6.0
-
cpe:2.3:a:automattic:activitypub:4.7.0
-
cpe:2.3:a:automattic:activitypub:4.7.1
-
cpe:2.3:a:automattic:activitypub:4.7.2
-
cpe:2.3:a:automattic:activitypub:4.7.3
-
cpe:2.3:a:automattic:activitypub:5.0.0
-
cpe:2.3:a:automattic:activitypub:5.1.0
-
cpe:2.3:a:automattic:activitypub:5.2.0
-
cpe:2.3:a:automattic:activitypub:5.3.0
-
cpe:2.3:a:automattic:activitypub:5.3.1
-
cpe:2.3:a:automattic:activitypub:5.3.2
-
cpe:2.3:a:automattic:activitypub:5.4.0
-
cpe:2.3:a:automattic:activitypub:5.4.1
-
cpe:2.3:a:automattic:activitypub:5.5.0
-
cpe:2.3:a:automattic:activitypub:5.6.0
-
cpe:2.3:a:automattic:activitypub:5.6.1
-
cpe:2.3:a:automattic:activitypub:5.7.0
-
cpe:2.3:a:automattic:activitypub:5.8.0
-
cpe:2.3:a:automattic:activitypub:5.9.0
-
cpe:2.3:a:automattic:activitypub:5.9.1
-
cpe:2.3:a:automattic:activitypub:5.9.2
-
cpe:2.3:a:automattic:activitypub:6.0.0
-
cpe:2.3:a:automattic:activitypub:6.0.1
-
cpe:2.3:a:automattic:activitypub:6.0.2
-
cpe:2.3:a:automattic:activitypub:7.0.0
-
cpe:2.3:a:automattic:activitypub:7.0.1
-
cpe:2.3:a:automattic:activitypub:7.1.0
-
cpe:2.3:a:automattic:activitypub:7.2.0
-
cpe:2.3:a:automattic:activitypub:7.3.0
-
cpe:2.3:a:automattic:activitypub:7.4.0
-
cpe:2.3:a:automattic:activitypub:7.5.0
-
cpe:2.3:a:automattic:activitypub:7.6.0
-
cpe:2.3:a:automattic:activitypub:7.6.1
-
cpe:2.3:a:automattic:activitypub:7.7.0
-
cpe:2.3:a:automattic:activitypub:7.7.1
-
cpe:2.3:a:automattic:activitypub:7.8.0
-
cpe:2.3:a:automattic:activitypub:7.8.1
-
cpe:2.3:a:automattic:activitypub:7.8.2
-
cpe:2.3:a:automattic:activitypub:7.8.3
-
cpe:2.3:a:automattic:activitypub:7.8.4
-
cpe:2.3:a:automattic:activitypub:7.8.5
-
cpe:2.3:a:automattic:activitypub:7.9.0
-
cpe:2.3:a:automattic:activitypub:7.9.1
-
cpe:2.3:a:automattic:activitypub:8.0.0
-
cpe:2.3:a:automattic:activitypub:8.0.1