CVE-2023-6035

Name of the Vulnerable Software and Affected Versions EazyDocs WordPress plugin versions prior to 2.3.4

Description The issue arises from the improper sanitization and escaping of the data parameter before its use in an SQL statement via an AJAX action. This could allow any authenticated users to perform SQL Injection attacks.

Recommendations For versions prior to 2.3.4, update to version 2.3.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action that uses the data parameter until a patch is available. Avoid using the data parameter in the affected AJAX endpoint until the issue is resolved.