CVE-2023-6029: EazyDocs < 2.3.6 - Unauthenticated Arbitrary Posts Deletion and Document Management
First published: Mon Jan 15 2024(Updated: )
The EazyDocs WordPress plugin before 2.3.6 does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Spider-themes EazyDocs | <2.3.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-6029?
CVE-2023-6029 is considered a critical vulnerability due to its potential for unauthorized deletion of posts by unauthenticated users.
How do I fix CVE-2023-6029?
To fix CVE-2023-6029, update the EazyDocs WordPress plugin to version 2.3.6 or later.
Who is affected by CVE-2023-6029?
CVE-2023-6029 affects all users of the EazyDocs WordPress plugin prior to version 2.3.6.
What are the risks associated with CVE-2023-6029?
The risk associated with CVE-2023-6029 includes allowing unauthorized users to delete content and manipulate documents on a WordPress site.
Is there a workaround for CVE-2023-6029 until I can update?
A temporary workaround for CVE-2023-6029 would be to deactivate the EazyDocs plugin until it can be updated.
- agent/references
- agent/title
- agent/author
- agent/type
- agent/first-publish-date
- collector/epss-latest
- source/FIRST
- agent/description
- agent/epss
- agent/severity
- agent/event
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/spider-themes
- canonical/spider-themes eazydocs