ГлавнаяУязвимости → CVE-2023-6029
7.5высокая

CVE-2023-6029

Описание

The EazyDocs WordPress plugin before 2.3.6 does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections.

Затрагиваемое ПО
Spider-themes Eazydocs
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Источники
https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597ehttps://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e