Spider-themes Eazydocs
7 CVEs affecting Spider-themes Eazydocs. Latest disclosed: 2024-11-01. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-6035 | High | 8.8 | 2023-12-11 | The EazyDocs WordPress plugin before 2.3.4 does not properly sanitize and escape "data" parameter before using it in an SQL statement via an AJAX action, which… |
| CVE-2023-6029 | High | 7.5 | 2024-01-15 | The EazyDocs WordPress plugin before 2.3.6 does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from… |
| CVE-2024-38721 | High | 7.1 | 2024-11-01 | Missing Authorization vulnerability in spider-themes EazyDocs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EazyDo… |
| CVE-2023-47549 | Medium | 6.8 | 2023-11-14 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability on 302 response page in spider-themes EazyDocs plugin <= 2.3.3 versions. |
| CVE-2024-38720 | Medium | 6.5 | 2024-07-20 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EazyDocs eazydocs allows Stored XSS. This issue aff… |
| CVE-2024-3999 | Medium | 4.8 | 2024-07-02 | The EazyDocs WordPress plugin before 2.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform… |
| CVE-2024-0248 | Medium | 4.3 | 2024-02-12 | The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allow… |