7.5
CVE-2023-7014
- EPSS 0.54%
- Veröffentlicht 05.02.2024 22:15:58
- Zuletzt bearbeitet 08.04.2026 18:18:46
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginAuthor Box, Guest Author and Co-Authors for Your Posts – Molongui <= 4.7.4 - Information Exposure via ma_debug
The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data including post author emails and names if applicable.
Mögliche Gegenmaßnahme
Molongui Authorship – Author Boxes, Guest Authors & Co-Authors for WordPress: Update to version 4.7.5, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Molongui Authorship – Author Boxes, Guest Authors & Co-Authors for WordPress
Version
*-4.7.4
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Amitzy ≫ Molongui Authorship SwPlatformwordpress Version < 4.7.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.54% | 0.666 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| security@wordfence.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-359 Exposure of Private Personal Information to an Unauthorized Actor
The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.
CWE-668 Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.