PT-2024-15410 · WordPress · Eazydocs
Majed Refaea
·
Published
2024-02-12
·
Updated
2024-10-09
·
CVE-2024-0248
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
EazyDocs WordPress plugin versions prior to 2.4.0
Description
The issue allows any authenticated users to delete arbitrary posts, as well as add and delete documents/sections. The problem was partially fixed in version 2.3.9.
Recommendations
For versions prior to 2.4.0, update to version 2.4.0 or later to resolve the issue.
For version 2.3.8, consider updating to version 2.3.9 as a partial fix, then update to version 2.4.0 or later for a complete resolution.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Eazydocs