A vulnerability described as problematic has been identified in Automattic ActivityPub Plugin up to 8.0.1 on WordPress. This vulnerability affects unknown code of the file drafts/scheduled/pending . Such manipulation leads to information disclosure. This vulnerability is listed as CVE-2026-4338 . The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.