exploitDog

CVE-2023-6029

Опубликовано: 15 янв. 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

The EazyDocs WordPress plugin before 2.3.6 does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections.

Ссылки

https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:spider-themes:eazydocs:*:*:*:*:*:wordpress:*:*

Версия до 2.3.6 (исключая)

EPSS

Процентиль: 27%

0.00095

Низкий

7.5 High

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-2c3v-6gcr-6f8h

CVSS3: 7.5

github

около 2 лет назад

The EazyDocs WordPress plugin before 2.3.6 does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections.

EPSS

Процентиль: 27%

0.00095

Низкий

7.5 High

CVSS3

Дефекты

CWE-862