CVE-2023-6035

8.8 HIGH

📋 TL;DR

The EazyDocs WordPress plugin before version 2.3.4 contains a SQL injection vulnerability in an AJAX endpoint. Any authenticated WordPress user, including low-privilege subscribers, can exploit this to execute arbitrary SQL commands on the database. This affects all WordPress sites running vulnerable versions of the EazyDocs plugin.

💻 Affected Systems

Products:
  • EazyDocs WordPress Plugin
Versions: All versions before 2.3.4
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with EazyDocs plugin enabled. Any authenticated user can exploit, not just administrators.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could gain full database access, extract sensitive data, modify content, create administrative accounts, or execute arbitrary code through database functions.

🟠 Likely Case

Attackers would extract sensitive data like user credentials, personal information, or plugin-specific data, potentially leading to account takeover or data breach.

🟢 If Mitigated

With proper input validation and parameterized queries, no SQL injection would be possible, limiting impact to normal plugin functionality.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward for attackers with basic WordPress user accounts.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3.4

Vendor Advisory: https://wpscan.com/vulnerability/44f5a29a-05f9-40d2-80f2-6fb2bda60d79

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the EazyDocs plugin.
4. Click 'Update Now' if an update is available.
5. If no update appears, manually download version 2.3.4 or later from the WordPress plugin repository.

🔧 Temporary Workarounds

Disable EazyDocs Plugin (platform: all)

Temporarily disable the vulnerable plugin until patching is possible:

wp plugin deactivate eazydocs

Restrict AJAX Access (platform: all)

Use a web application firewall or .htaccess rules to restrict access to wp-admin/admin-ajax.php for non-administrators.

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for all user-supplied data parameters
  • Apply principle of least privilege - restrict user registrations and review existing user accounts

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → EazyDocs version. If version is below 2.3.4, system is vulnerable.

Check Version:

wp plugin get eazydocs --field=version

Verify Fix Applied:

Confirm EazyDocs plugin version is 2.3.4 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed authentication attempts followed by successful login
  • AJAX requests to wp-admin/admin-ajax.php with suspicious data parameters

Network Indicators:

  • POST requests to /wp-admin/admin-ajax.php with SQL injection payloads in data parameter
  • Unusual database connection patterns from web server

SIEM Query:

source="web_logs" AND uri="/wp-admin/admin-ajax.php" AND (data CONTAINS "UNION" OR data CONTAINS "SELECT" OR data CONTAINS "INSERT" OR data CONTAINS "DELETE")
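The SIEM query above is a bare keyword match, which fires on any request body containing words like "Selected" or "delete". The following Python is an added example (not part of this advisory and not EazyDocs code) that runs the same logic over a handful of constructed log events shaped like the query's fields, then shows a tighter rule that URL-decodes the body first and looks for SQL-shaped keyword sequences. The event fields, usernames, action names and payload strings are all constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample events (not real logs), shaped like the fields used by the
# advisory's SIEM query: source, uri, data. Stock Apache/nginx access logs do not
# record POST bodies, so in practice the "data" field has to come from a WAF or
# a WordPress request-logging plugin. Action names here are placeholders.
SAMPLE_EVENTS = [
    {"source": "web_logs", "uri": "/wp-admin/admin-ajax.php", "method": "POST",
     "user": "subscriber01", "data": "action=heartbeat&_nonce=abc123"},
    {"source": "web_logs", "uri": "/wp-admin/admin-ajax.php", "method": "POST",
     "user": "subscriber01",
     "data": "action=example_action&id=1+UNION+SELECT+1%2C2%2C3"},
    {"source": "web_logs", "uri": "/wp-admin/admin-ajax.php", "method": "POST",
     "user": "editor02", "data": "action=save_post&title=Selected+items+to+delete"},
    {"source": "web_logs", "uri": "/wp-login.php", "method": "POST",
     "user": "-", "data": "log=editor02&pwd=REDACTED"},
    {"source": "web_logs", "uri": "/wp-admin/admin-ajax.php", "method": "POST",
     "user": "subscriber01",
     "data": "action=example_action&id=2%20UNION%20ALL%20SELECT%20NULL%2CNULL"},
]

AJAX_URI = "/wp-admin/admin-ajax.php"
NAIVE_KEYWORDS = ("UNION", "SELECT", "INSERT", "DELETE")

# SQL-shaped patterns: keyword *pairs* rather than bare keywords, so that prose
# such as "Selected items to delete" does not trip the rule.
SQLI_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"\bunion\b\s+(?:all\s+)?\bselect\b",
    r"\bselect\b.+\bfrom\b",
    r"\binsert\b\s+\binto\b",
    r"\bdelete\b\s+\bfrom\b",
)]


def naive_match(event):
    """Literal equivalent of the advisory's SIEM query: a case-insensitive
    substring check for any SQL keyword in the raw data field."""
    if event["uri"] != AJAX_URI:
        return False
    data = event["data"].upper()
    return any(kw in data for kw in NAIVE_KEYWORDS)


def refined_match(event):
    """URL-decode the body first (payloads arrive encoded), then require an
    SQL-shaped keyword sequence. Returns the matched pattern or None."""
    if event["uri"] != AJAX_URI:
        return None
    decoded = unquote_plus(event["data"])
    for pat in SQLI_PATTERNS:
        if pat.search(decoded):
            return pat.pattern
    return None


def flag_events(events):
    """Return one finding per suspicious admin-ajax.php request."""
    findings = []
    for ev in events:
        hit = refined_match(ev)
        if hit:
            findings.append({"user": ev["user"], "uri": ev["uri"],
                             "pattern": hit, "data": unquote_plus(ev["data"])})
    return findings


def hits_per_user(events):
    """Count findings per authenticated user: the exploit needs a logged-in
    account, so a low-privilege user generating several hits is the account
    to triage (and, if needed, disable) first."""
    return Counter(f["user"] for f in flag_events(events))


if __name__ == "__main__":
    print("naive rule flags:", [i for i, ev in enumerate(SAMPLE_EVENTS) if naive_match(ev)])
    for f in flag_events(SAMPLE_EVENTS):
        print(f"refined: user={f['user']} pattern={f['pattern']!r} data={f['data']!r}")
    print("per-user:", dict(hits_per_user(SAMPLE_EVENTS)))
```

On the sample events the naive rule flags the benign "Selected items to delete" post along with the two injection attempts, while the refined rule flags only the two UNION SELECT bodies, both from the same subscriber account. Whichever rule you deploy, scope it to authenticated sessions: the advisory notes the endpoint is not exploitable without a WordPress login, so unauthenticated noise against admin-ajax.php is a different (lower-priority) signal.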
