CVE-2023-47648: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in spider-themes EazyDocs WordPress plugin affecting versions up to 2.3.5. The vulnerability was reported on November 7, 2023, and was assigned CVE-2023-47648. The issue allows exploiting incorrectly configured access control security levels (Patchstack).

The vulnerability is classified as a Broken Access Control issue with a CVSS v3.1 base score of 7.5 (High). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating that it can be exploited over the network with low attack complexity and requires no privileges or user interaction (Patchstack).

The vulnerability is considered highly dangerous and expected to become mass exploited. It allows unprivileged users to execute certain higher privileged actions due to missing authorization, authentication, or nonce token checks (Patchstack).

Users are advised to update to EazyDocs version 2.3.6 or later to resolve the vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until users update to a fixed version (Patchstack).