WordPress Plugin Vulnerabilities

EazyDocs < 2.3.6 - Reflected XSS

Description

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Affects Plugins

Plugin icon
eazydocs
Fixed in 2.3.6

References

CVE
CVE-2023-47549
URL
https://patchstack.com/database/vulnerability/eazydocs/wordpress-eazydocs-plugin-2-3-3-cross-site-scripting-xss-vulnerability

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.8 (medium)

Miscellaneous

Original Researcher
minhtuanact
Verified
No
WPVDB ID
c5812574-2ffa-4d4e-bc4d-1ab4286b1d65

Timeline

Publicly Published
2023-11-07 (about 2 years ago)
Added
2023-11-16 (about 2 years ago)
Last Updated
2023-12-28 (about 2 years ago)

Other

Published
Title
Published
2025-03-24
Title
NextGEN Gallery Voting <= 2.7.6 - Reflected Cross-Site Scripting
Published
2025-03-19
Title
Narnoo Operator <= 2.0.0 - Reflected Cross-Site Scripting
Published
2025-09-22
Title
WP Frontend Admin < 1.22.8 - Contributor+ Stored XSS
Published
2025-08-05
Title
WP Tournament Registration <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via field Parameter
Published
2019-07-12
Title
Email Subscribers & Newsletters < 4.1.7 - Cross-Site Scripting (XSS)