CVE-2023-6029

HIGH

EazyDocs < 2.3.6 - Unauthenticated Missing Authorization and CSRF Checks

Title source: llm
STIX 2.1

Description

The EazyDocs WordPress plugin before 2.3.6 does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections.

References (1)

Core 1
Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e

Scores

CVSS v3 7.5
EPSS 0.0025
EPSS Percentile 16.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (1)
spider-themes/eazydocs < 2.3.6
Published Jan 15, 2024
Tracked Since Feb 18, 2026