The EazyDocs WordPress plugin before 2.3.6 does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 08:43
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e - Exploit, Third Party Advisory |
19 Jan 2024, 18:06
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:spider-themes:eazydocs:*:*:*:*:*:wordpress:*:* | |
CWE | CWE-862 | |
First Time |
Spider-themes eazydocs
Spider-themes |
|
References | () https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
15 Jan 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-15 16:15
Updated : 2024-11-21 08:43
NVD link : CVE-2023-6029
Mitre link : CVE-2023-6029
CVE.ORG link : CVE-2023-6029
JSON object : View
Products Affected
spider-themes
- eazydocs
CWE
CWE-862
Missing Authorization