History: Jan 15, 2024 - 3:10 p.m.

CVE-2023-6029 EazyDocs < 2.3.6 - Unauthenticated Arbitrary Posts Deletion and Document Management

2024-01-15 15:10:39
WPScan
www.cve.org
Tags: cve-2023-6029, eazydocs, wordpress, unauthenticated, arbitrary, posts, deletion, document, management, authorization, csrf, checks

EPSS: 0.001 (Low), percentile 43.8%

The EazyDocs WordPress plugin before 2.3.6 does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "EazyDocs",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "2.3.6"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
