CVE-2023-6029

The EazyDocs WordPress plugin before 2.3.6 does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections.
Configurations

Configuration 1 (hide)

cpe:2.3:a:spider-themes:eazydocs:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 08:43

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e - Exploit, Third Party Advisory

19 Jan 2024, 18:06

Type Values Removed Values Added
CPE cpe:2.3:a:spider-themes:eazydocs:*:*:*:*:*:wordpress:*:*
CWE CWE-862
First Time Spider-themes eazydocs
Spider-themes
References () https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e - () https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5

15 Jan 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-15 16:15

Updated : 2024-11-21 08:43


NVD link : CVE-2023-6029

Mitre link : CVE-2023-6029

CVE.ORG link : CVE-2023-6029


JSON object : View

Products Affected

spider-themes

  • eazydocs
CWE
CWE-862

Missing Authorization