The EazyDocs WordPress plugin before 2.3.6 does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections.
Metrics
Affected Vendors & Products
References
History
Wed, 23 Oct 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-01-15T15:10:39.546Z
Updated: 2024-10-23T15:33:52.400Z
Reserved: 2023-11-08T11:36:04.060Z
Link: CVE-2023-6029
Vulnrichment
Updated: 2024-08-02T08:21:17.211Z
NVD
Status : Modified
Published: 2024-01-15T16:15:12.230
Modified: 2024-11-21T08:43:00.643
Link: CVE-2023-6029
Redhat
No data.