CVE-2023-7014

Опубликовано: 05 фев. 2024

Источник: nvd

CVSS3: 5.3

CVSS3: 7.5

EPSS Низкий

Описание

The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data including post author emails and names if applicable.

Ссылки

https://plugins.trac.wordpress.org/changeset/3019084/
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/538e9ce3-2d48-44ad-bd08-8eead3ef15c3?source=cve
Patch
Third Party Advisory
https://plugins.trac.wordpress.org/changeset/3019084/
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/538e9ce3-2d48-44ad-bd08-8eead3ef15c3?source=cve
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:amitzy:molongui_authorship:*:*:*:*:*:wordpress:*:*

Версия до 4.7.5 (исключая)

EPSS

Процентиль: 67%

0.00536

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-668

Связанные уязвимости

GHSA-45x9-627r-26hh

CVSS3: 5.3

github

около 2 лет назад

EPSS

Процентиль: 67%

0.00536

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-668