Spider-themes Eazydocs

7 CVEs affecting Spider-themes Eazydocs. Latest disclosed: 2024-11-01. Critical: 0, High: 3.

Top CVEs affecting Spider-themes Eazydocs
CVESeverityScorePublishedSummary
CVE-2023-6035High8.82023-12-11The EazyDocs WordPress plugin before 2.3.4 does not properly sanitize and escape "data" parameter before using it in an SQL statement via an AJAX action, which…
CVE-2023-6029High7.52024-01-15The EazyDocs WordPress plugin before 2.3.6 does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from…
CVE-2024-38721High7.12024-11-01Missing Authorization vulnerability in spider-themes EazyDocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EazyDo…
CVE-2023-47549Medium6.82023-11-14Unauth. Reflected Cross-Site Scripting (XSS) vulnerability on 302 response page in spider-themes EazyDocs plugin <= 2.3.3 versions.
CVE-2024-38720Medium6.52024-07-20Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EazyDocs eazydocs allows Stored XSS.This issue aff…
CVE-2024-3999Medium4.82024-07-02The EazyDocs WordPress plugin before 2.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2024-0248Medium4.32024-02-12The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allow…