CVE-2023-6035

HIGH

EazyDocs WordPress <2.3.4 - SQL Injection

Title source: llm
STIX 2.1

Description

The EazyDocs WordPress plugin before 2.3.4 does not properly sanitize and escape "data" parameter before using it in an SQL statement via an AJAX action, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks.

References (1)

Core 1
Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/44f5a29a-05f9-40d2-80f2-6fb2bda60d79

Scores

CVSS v3 8.8
EPSS 0.0085
EPSS Percentile 53.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
spider-themes/eazydocs < 2.3.4
Published Dec 11, 2023
Tracked Since Feb 18, 2026