CVE-2023-7014: 
WordPress vulnerability analysis and mitigation

The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure (CVE-2023-7014) in versions up to and including 4.7.4. This vulnerability was discovered and reported by Wordfence, with the initial disclosure on February 5, 2024. The vulnerability affects the plugin's handling of the 'ma_debu' parameter, which could allow unauthenticated attackers to access sensitive information (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) by NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, while Wordfence assessed it with a score of 5.3 (MEDIUM) and vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The vulnerability is classified under CWE-668 (Exposure of Resource to Wrong Sphere) and allows unauthenticated attackers to extract sensitive data including post author emails and names when applicable (NVD).

The vulnerability enables unauthenticated attackers to access sensitive information, specifically post author emails and names. This information disclosure could potentially be used for targeted phishing attacks or other malicious activities targeting the exposed users (NVD).

The vulnerability has been patched in version 4.7.5 of the Molongui Authorship plugin. Users are advised to update to this version immediately. The update includes fixes for the information exposure issue as well as some non-blocking PHP warnings (WordPress Plugin).