CVE-2026-4338

NONE EPSS 0.04%

Apr 08, 2026

Updated Apr 08, 2026

Unknown

Parameter	Value
Affected Versions	before 8.0.2
Type	CWE-200 Information Exposure
Vendor	Unknown
Public PoC	No

The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowed unauthenticated users to access drafts/scheduled/pending posts

Weakness Type (CWE)

CWE-200 Information Exposure

Vulnerable Products

unknown:activitypub

References 1

https://wpscan.com/vulnerability/50f68395-72fc-4f99-8e6d-6aa90cc640b5/

NVD

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-3830

Unknown

None

CVE-2025-15441

Unknown

None

CVE-2026-4432

Unknown

6.5

CVE-2026-4079

Guaven

6.5

CVE-2026-1900

Unknown

6.5

CVE Details

CVE ID

CVE-2026-4338

Published Date

Apr 08, 2026

Vendor

Unknown

Severity

NONE

Exploit Prediction (EPSS)

Probability of Exploit 0.04%

Likelihood of exploitation in next 30 days

Percentile: 13.3th percentile (higher than 13.3% of all CVEs)

Standard patching cycle

Impact

Minimal impact

Source

View Advisory

Menu

CVE-2026-4338

Weakness Type (CWE)

Vulnerable Products

References 1

Related Vulnerabilities

CVE-2026-3830

CVE-2025-15441

CVE-2026-4432

CVE-2026-4079

CVE-2026-1900

CVE Details

Editor's Choice

Menu

CVE-2026-4338

Weakness Type (CWE)

Vulnerable Products

References 1

Related Vulnerabilities

CVE-2026-3830

CVE-2025-15441

CVE-2026-4432

CVE-2026-4079

CVE-2026-1900

CVE Details

Editor's Choice

Stay informed on cybersecurity