CVE-2023-6029

Name of the Vulnerable Software and Affected Versions EazyDocs WordPress plugin versions prior to 2.3.6

Description The issue allows unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections, due to the lack of authorization and CSRF checks when handling documents. This is because the plugin does not ensure that the documents are from the plugin itself.

Recommendations For versions prior to 2.3.6, update to version 2.3.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the document handling functionality until a patch is applied. Avoid using the plugin's document management features with unauthenticated users until the issue is resolved.