Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:32 a.m.7 views

CVE-2024-0248

The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/ in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections. The issue was...

7.5CVSS5.2AI score0.00424EPSS
Exploits4References1
Patchstack
Patchstack
added 2024/02/13 12:0 a.m.6 views

WordPress EazyDocs Plugin < 2.4.0 is vulnerable to Broken Access Control

Software EazyDocs Type Plugin Vulnerable versions 2.4.0 Fixed in 2.4.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-0248 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 64066df73b6f Credits Majed Refaea Required privilege...

4.3CVSS6.5AI score0.00424EPSS
Exploits2References3Affected Software1
Circl
Circl
added 2024/02/12 5:22 p.m.8 views

CVE-2024-0248

creationtimestamp| type| source ---|---|--- 2024-02-12 17:22:07+00:00| seen| https://t.me/ctinow/183280...

4.3CVSS4.8AI score0.00424EPSS
Exploits2References1
CVE
CVE
added 2024/02/12 4:5 p.m.5601 views

CVE-2024-0248

The CVE-2024-0248 entry concerns the EazyDocs WordPress plugin prior to 2.4.0, where insufficient access controls allowed authenticated users (e.g., subscribers) to delete arbitrary posts and to add/delete documents/sections. Root cause is broken access control, with where unauthenticated access ...

4.3CVSS7.3AI score0.00424EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder