CVE-2024-53793: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in eDoc Intelligence LLC's eDoc Easy Tables WordPress plugin, affecting versions up to and including 1.29. The vulnerability was reported on November 29, 2024, by security researcher João Pedro Soares de Alcântara (Patchstack).

The vulnerability stems from missing or incorrect nonce validation on a function within the eDoc Easy Tables plugin. This security flaw allows for Blind SQL Injection attacks through CSRF. The vulnerability has been assigned a CVSS v3.1 base score of 8.2 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L. The issue has been categorized under CWE-352 (Cross-Site Request Forgery) (WPScan, Patchstack).

The vulnerability enables unauthenticated attackers to inject arbitrary SQL queries into the target system through forged requests. This can occur when an attacker successfully tricks a site administrator into performing specific actions, such as clicking on a malicious link (WPScan).

As of the vulnerability disclosure, no official fix has been released for this security issue. The vulnerability affects all versions up to and including 1.29 of the eDoc Easy Tables plugin (Patchstack).