The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections. The issue was partially fixed in 2.3.9.
History

Wed, 09 Oct 2024 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Spider-themes
Spider-themes eazydocs
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:spider-themes:eazydocs:*:*:*:*:*:wordpress:*:*
Vendors & Products Spider-themes
Spider-themes eazydocs
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-02-12T16:05:59.465Z

Updated: 2024-08-01T17:41:16.584Z

Reserved: 2024-01-05T13:31:32.604Z

Link: CVE-2024-0248

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2024-02-12T16:15:08.443

Modified: 2024-11-21T08:46:08.790

Link: CVE-2024-0248

cve-icon Redhat

No data.