The EazyDocs WordPress plugin before 2.3.6 does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections.
History

Wed, 23 Oct 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-01-15T15:10:39.546Z

Updated: 2024-10-23T15:33:52.400Z

Reserved: 2023-11-08T11:36:04.060Z

Link: CVE-2023-6029

cve-icon Vulnrichment

Updated: 2024-08-02T08:21:17.211Z

cve-icon NVD

Status : Modified

Published: 2024-01-15T16:15:12.230

Modified: 2024-11-21T08:43:00.643

Link: CVE-2023-6029

cve-icon Redhat

No data.