8 matches found
EUVD-2024-16044
Malicious code in bioql PyPI...
CVE-2024-0248
The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/ in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections. The issue was...
CVE-2024-0248
The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/ in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections. The issue was...
Code injection
The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/ in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections. The issue was...
EazyDocs < 2.4.0 - Subscriber+ Arbitrary Posts Deletion and Document Management
Description The plugin re-introduced CVE-2023-6029 https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/ in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections. The issue was partially fixed in 2.3.9...
CVE-2023-6029 EazyDocs < 2.3.6 - Unauthenticated Arbitrary Posts Deletion and Document Management
The EazyDocs WordPress plugin before 2.3.6 does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections...
CVE-2023-6029 EazyDocs < 2.3.6 - Unauthenticated Arbitrary Posts Deletion and Document Management
The EazyDocs WordPress plugin before 2.3.6 does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections...
CVE-2023-6029
The CVE concerns the EazyDocs WordPress plugin (before 2.3.6) where missing authorization and CSRF checks allow unauthenticated users to delete arbitrary posts and to add/delete documents/sections. Root cause: the plugin does not validate that target documents originate from the plugin, enabling ...