CVE-2023-6029: 
WordPress vulnerability analysis and mitigation

The EazyDocs WordPress plugin before version 2.3.6 contains a critical security vulnerability identified as CVE-2023-6029. The vulnerability stems from missing authorization and CSRF checks in the document handling functionality. This security flaw affects the WordPress plugin's document management system and was discovered in December 2023 (WPScan Advisory).

The vulnerability is characterized by a lack of proper authorization controls and CSRF protections when handling documents. The issue has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N. The vulnerability is classified under CWE-862 (Missing Authorization) and is considered a Broken Access Control issue according to the OWASP Top 10 classification (NVD Database, WPScan Advisory).

The vulnerability allows unauthenticated users to perform unauthorized actions including deleting arbitrary posts and manipulating documents/sections within the plugin. Attackers can add and delete documents and sections without proper authorization, potentially leading to significant content manipulation and data loss (WPScan Advisory).

The vulnerability has been patched in EazyDocs version 2.3.6. Users are strongly advised to update to this version or later to mitigate the risk. However, it should be noted that the vulnerability was later re-introduced in version 2.3.8 and partially fixed in 2.3.9, with a complete fix available in version 2.4.0 (NVD Database).