cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-3999,https://securityvulnerability.io/vulnerability/CVE-2024-3999,Stored Cross-Site Scripting Vulnerability in EazyDocs Plugin for WordPress,"The EazyDocs WordPress plugin prior to version 2.5.0 is susceptible to a Stored Cross-Site Scripting vulnerability due to inadequate sanitization and escaping of certain settings. This flaw enables high privilege users, such as administrators, to exploit the system, even in environments where the unfiltered_html capability is restricted, like multisite setups. Attackers can potentially leverage this vulnerability to inject malicious scripts, leading to unauthorized actions and data exposure.",Wordpress,Eazydocs,4.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-07-02T06:15:00.000Z,0
CVE-2024-0248,https://securityvulnerability.io/vulnerability/CVE-2024-0248,Arbitrary Post Deletion and Addition Vulnerability in EazyDocs WordPress Plugin,"The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections. The issue was partially fixed in 2.3.9.",Wordpress,EazyDocs,4.3,MEDIUM,0.0005099999834783375,false,,false,false,true,true,false,false,2024-02-12T16:05:59.465Z,0
CVE-2023-6029,https://securityvulnerability.io/vulnerability/CVE-2023-6029,EazyDocs < 2.3.6 - Unauthenticated Arbitrary Posts Deletion and Document Management,"The EazyDocs WordPress plugin, prior to version 2.3.6, has a significant security flaw that lacks proper authorization and Cross-Site Request Forgery (CSRF) protection during document handling. This vulnerability enables malicious actors to exploit the system, allowing unauthenticated users to delete arbitrary posts and manage documents or sections without authorization. This poses a serious risk to the integrity of content and data within WordPress sites utilizing the vulnerable plugin version.",Wordpress,EazyDocs,7.5,HIGH,0.0008200000156648457,false,,false,false,true,true,false,false,2024-01-15T15:10:39.546Z,0
CVE-2023-6035,https://securityvulnerability.io/vulnerability/CVE-2023-6035,EazyDocs < 2.3.4 - Subscriber + SQLi,"The EazyDocs WordPress plugin prior to version 2.3.4 is susceptible to an SQL injection vulnerability due to inadequate sanitization and escaping of the 'data' parameter. When processed through an AJAX action, this flaw enables any authenticated user, including those with subscriber roles, to leverage this weakness and potentially execute malicious SQL commands. This could lead to unauthorized access to sensitive information stored in the database, posing a significant risk to the integrity and confidentiality of the data.",Wordpress,EazyDocs,8.8,HIGH,0.0008399999933317304,false,,false,false,false,,false,false,2023-12-11T20:15:00.000Z,0