🔎 Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

EazyDocs – Most Powerful Knowledge base, wiki, Documentation Builder Plugin

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > EazyDocs – Most Powerful Knowledge base, wiki, Documentation Builder Plugin

Information

Software Type	Plugin
Software Slug	eazydocs (view on wordpress.org)
Software Status	Removed
Software Author	spiderdevs
Software Website	spider-themes.net
Software Downloads	39,399
Software Active Installs	2,000
Software Record Last Updated	July 26, 2024

8 Vulnerabilities

EazyDocs <= 2.5.0 - Missing Authorization

4.3

CVE-2024-38721

Jul 11, 2024

Researcher: Khalid

EazyDocs <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-38720

Jul 11, 2024

Researcher: Khalid

EazyDocs – Most Powerful Knowledge base, wiki, Documentation Builder Plugin <= 2.4.1 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2024-3999

Jun 11, 2024

Researcher: Aditya Vyawahare

EazyDocs 2.3.8 - 2.3.9 - Missing Authorization

4.3

CVE-2024-0248

Dec 21, 2023

Researcher: Dao Xuan Hieu

EazyDocs <= 2.3.3 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2023-6035

Nov 20, 2023

Researcher: Dao Xuan Hieu

EazyDocs <= 2.3.5 - Missing Authorization via doc_one_page and edit_doc_one_page

6.5

CVE-2023-47648

Nov 7, 2023

Researcher: Skalucy

EazyDocs <= 2.3.5 - Unauthenticated Stored Cross-Site Scripting via edit_doc_one_page

6.1

CVE-2023-47549

Nov 7, 2023

Researcher: minhtuanact

Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get

6.1

CVE-2023-33999

Jul 18, 2023

Researcher: Rafie Muhammad

Title	Status	CVE ID	CVSS	Researchers	Date
EazyDocs <= 2.5.0 - Missing Authorization	Unpatched	CVE-2024-38721	4.3	Khalid	July 11, 2024
EazyDocs <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	Unpatched	CVE-2024-38720	6.4	Khalid	July 11, 2024
EazyDocs – Most Powerful Knowledge base, wiki, Documentation Builder Plugin <= 2.4.1 - Authenticated (Admin+) Stored Cross-Site Scripting	Patched	CVE-2024-3999	4.4	Aditya Vyawahare	June 11, 2024
EazyDocs 2.3.8 - 2.3.9 - Missing Authorization	Patched	CVE-2024-0248	4.3	Dao Xuan Hieu	December 21, 2023
EazyDocs <= 2.3.3 - Authenticated (Subscriber+) SQL Injection	Patched	CVE-2023-6035	8.8	Dao Xuan Hieu	November 20, 2023
EazyDocs <= 2.3.5 - Missing Authorization via doc_one_page and edit_doc_one_page	Patched	CVE-2023-47648	6.5	Skalucy	November 7, 2023
EazyDocs <= 2.3.5 - Unauthenticated Stored Cross-Site Scripting via edit_doc_one_page	Patched	CVE-2023-47549	6.1	minhtuanact	November 7, 2023
Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get	Patched	CVE-2023-33999	6.1	Rafie Muhammad	July 18, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation