WordPress Plugin Vulnerabilities

Author Box, Guest Author and Co-Authors for Your Posts – Molongui < 4.7.5 - Information Exposure via ma_debug

Description

The plugin is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data including post author emails and names if applicable.

Affects Plugins

Plugin icon
molongui-authorship
Fixed in 4.7.5

References

CVE
CVE-2023-7014
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/538e9ce3-2d48-44ad-bd08-8eead3ef15c3

Miscellaneous

Original Researcher
Krzysztof Zając
Verified
No
WPVDB ID
5bf5cf27-5f95-42ac-b093-87ad31e49efb

Timeline

Publicly Published
2024-01-16 (about 2 years ago)
Added
2024-01-20 (about 2 years ago)
Last Updated
2024-01-20 (about 2 years ago)

Other

Published
Title
Published
2014-08-01
Title
mb.YTPlayer for background videos 1.7.2 - TinyMCE Popup Unspecified Issue
Published
2024-11-08
Title
RegistrationMagic – User Registration Plugin with Custom Registration Forms < 6.0.2.7 - Unauthenticated Privilege Escalation via Password Recovery
Published
2023-11-24
Title
Captcha Code < 3.0 - Captcha Bypass
Published
2014-08-01
Title
WordPress 3.6 - Multiple Function Path Disclosure
Published
2013-10-25
Title
Stop User Enumeration 1.2.4 - POST Request Protection Bypass