The EazyDocs WordPress plugin before 2.3.6 does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e | Exploit Third Party Advisory |
Configurations
History
19 Jan 2024, 18:06
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:spider-themes:eazydocs:*:*:*:*:*:wordpress:*:* | |
CWE | CWE-862 | |
First Time |
Spider-themes eazydocs
Spider-themes |
|
References | () https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
15 Jan 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-15 16:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-6029
Mitre link : CVE-2023-6029
CVE.ORG link : CVE-2023-6029
JSON object : View
Products Affected
spider-themes
- eazydocs
CWE
CWE-862
Missing Authorization