CVE-2023-7014
Published: 05 February 2024
Summary
CVE-2023-7014 is a medium-severity Exposure of Private Personal Information to an Unauthorized Actor (CWE-359) vulnerability in Amitzy Molongui Authorship. Its CVSS base score is 5.3 (Medium).
Operationally, ranked in the top 28.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-59206
Vulnerability details
The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. This makes it possible for unauthenticated attackers…
more
to extract sensitive data including post author emails and names if applicable.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Preventing nonpublic personal information from public posting reduces unauthorized exposure of private personal data.
The control detects and protects against mining of private personal information, reducing unauthorized exposure of PII.
Tracking locations of sensitive data and access users reduces risk of private personal information exposure.
Mandatory user notification of sensor activation makes surreptitious capture of private personal information (camera, microphone, location, etc.) substantially harder to perform without detection.
Automated marking identifies private personal information in outputs, tangibly reducing the ability to exploit weaknesses that result in its unauthorized exposure.
Privacy-specific attributes and their controlled association directly reduce exposure of private personal information through missing or incorrect labeling.
Controls whether organization resources are exposed to external system spheres by permitting or prohibiting their use.
The control ensures information is not released into a security sphere where the recipient lacks matching access authorizations.