3 matches found
CVE-2023-6035
creationtimestamp| type| source ---|---|--- 2024-01-01 14:31:26+00:00| seen| https://t.me/ctinow/161313...
WordPress EazyDocs Plugin < 2.3.4 is vulnerable to SQL Injection
Software EazyDocs Type Plugin Vulnerable versions 2.3.4 Fixed in 2.3.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-6035 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 6ad682fb44ae Credits Dao Xuan Hieu Required privilege Subscriber Published 19...
CVE-2023-6035
Summary (CVE-2023-6035) : The EazyDocs WordPress plugin (versions prior to 2.3.4) contains a SQL Injection vulnerability in the AJAX endpoint that uses the tainted “data” parameter without proper sanitization/escaping. This could allow any authenticated user (e.g., subscribers) to perform SQL inj...