Vulnerability in Activitypub

CVE-2026-4338

The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowed unauthenticated users to access drafts/scheduled/pending posts

EPSS: 0.000 (6.9th percentile) — read the EPSS interpretation.