CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-0248: EazyDocs < 2.4.0 - Subscriber+ Arbitrary Posts Deletion and Document Management

Description

The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections. The issue was partially fixed in 2.3.9.

Classification

CVE ID: CVE-2024-0248

Problem Types

CWE-862 Missing Authorization

Affected Products

Vendor: Unknown

Product: EazyDocs

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.26% (probability of being exploited)

EPSS Percentile: 48.96% (scored less or equal to compared to others)

EPSS Date: 2025-06-05 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: poc

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-0248
https://wpscan.com/vulnerability/faf50bc0-64c5-4ccc-a8ac-e73ed44a74df/

Timeline

2025-05-07 21:40:14 UTC
CVE

EazyDocs < 2.4.0 - Subscriber+ Arbitrary Posts Deletion and Document Management