The EazyDocs WordPress plugin before 2.3.6 does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-01-15T15:10:39.546Z
Updated: 2024-08-02T08:21:17.211Z
Reserved: 2023-11-08T11:36:04.060Z
Link: CVE-2023-6029
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2024-01-15T16:15:12.230
Modified: 2024-01-19T18:06:04.490
Link: CVE-2023-6029
Redhat
No data.