CVE-2024-0248 EazyDocs < 2.4.0 - Subscriber+ Arbitrary Posts Deletion and Document Management

2024-02-1216:05:59

WPScan

www.cve.org

eazydocs

wordpress

authenticated users

arbitrary posts

document management

0.001 Low

EPSS

Percentile

43.8%

JSON

The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections. The issue was partially fixed in 2.3.9.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "EazyDocs",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "2.3.8",
        "lessThan": "2.4.0"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

References

wpscan.com/vulnerability/faf50bc0-64c5-4ccc-a8ac-e73ed44a74df/

0.001 Low

EPSS

Percentile

43.8%

JSON

Related for CVELIST:CVE-2024-0248