CVE-2024-0248

2024-02-1216:15:08

[email protected]

web.nvd.nist.gov

2822

eazydocs

wordpress

plugin

cve-2024-0248

nvd

vulnerability

delete

arbitrary

posts

documents

sections

0.001 Low

EPSS

Percentile

43.7%

JSON

The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections. The issue was partially fixed in 2.3.9.

Affected configurations

Vulners

Node

spider-themeseazydocsRange2.3.8–2.4.0

VendorProductVersionCPE
spider\-themeseazydocs*cpe:2.3:a:spider\-themes:eazydocs:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
spider\-themes	eazydocs	*	cpe:2.3:a:spider\-themes:eazydocs::::::::

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "EazyDocs",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "2.3.8",
        "lessThan": "2.4.0"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

References

wpscan.com/vulnerability/faf50bc0-64c5-4ccc-a8ac-e73ed44a74df/

0.001 Low

EPSS

Percentile

43.7%

JSON

Related for CVE-2024-0248

wpvulndb2 prion2 wpexploit2 cvelist2 nvd2 cve1