4 matches found
CVE-2024-0248
The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/ in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections. The issue was...
WordPress EazyDocs Plugin < 2.4.0 is vulnerable to Broken Access Control
Software EazyDocs Type Plugin Vulnerable versions 2.4.0 Fixed in 2.4.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-0248 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 64066df73b6f Credits Majed Refaea Required privilege...
CVE-2024-0248
creationtimestamp| type| source ---|---|--- 2024-02-12 17:22:07+00:00| seen| https://t.me/ctinow/183280...
CVE-2024-0248
The CVE-2024-0248 entry concerns the EazyDocs WordPress plugin prior to 2.4.0, where insufficient access controls allowed authenticated users (e.g., subscribers) to delete arbitrary posts and to add/delete documents/sections. Root cause is broken access control, with where unauthenticated access ...