Lucene search
WPScanCVE-2023-6029HistoryJan 15, 2024 - 4:15 p.m.
CVE-2023-6029
2024-01-1516:15:12
CWE-862
WPScan
web.nvd.nist.gov
25
cve-2023-6029
eazydocs
wordpress
plugin
authorization
csrf
documents
deletion
nvd
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
33.0%
The EazyDocs WordPress plugin before 2.3.6 does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections.
Affected configurations
Node
spider-themeseazydocsRange<2.3.6wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| spider-themes | eazydocs | * | cpe:2.3:a:spider-themes:eazydocs:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "EazyDocs",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "2.3.6"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpvulndb
wpvulndb
nvd
nvd
CVE-2023-6029
2024-01-15 16:15:12
CVE-2024-0248
2024-02-12 16:15:08
wpexploit
wpexploit
prion
prion
Cross site request forgery (csrf)
2024-01-15 16:15:00
Code injection
2024-02-12 16:15:00
cvelist
cvelist
cve
cve
CVE-2024-0248
2024-02-12 16:15:08
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
33.0%
Related for CVE-2023-6029