CVE-2023-6035: EazyDocs < 2.3.4 - Subscriber + SQLi
First published: Mon Dec 11 2023(Updated: )
The EazyDocs WordPress plugin before 2.3.4 does not properly sanitize and escape "data" parameter before using it in an SQL statement via an AJAX action, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Spider-themes EazyDocs | <2.3.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-6035?
CVE-2023-6035 is considered a high severity vulnerability due to its potential for SQL Injection attacks.
How do I fix CVE-2023-6035?
To fix CVE-2023-6035, update the EazyDocs WordPress plugin to version 2.3.4 or later.
Who is affected by CVE-2023-6035?
CVE-2023-6035 affects all versions of the EazyDocs WordPress plugin prior to 2.3.4.
What type of attack does CVE-2023-6035 allow?
CVE-2023-6035 allows authenticated users, including subscribers, to perform SQL Injection attacks.
How can I identify if my site is vulnerable to CVE-2023-6035?
You can identify if your site is vulnerable to CVE-2023-6035 by checking if you are using an EazyDocs plugin version earlier than 2.3.4.
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/author
- agent/references
- agent/title
- agent/severity
- agent/weakness
- collector/epss-latest
- source/FIRST
- agent/description
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/spider-themes
- canonical/spider-themes eazydocs