Awesomemotive Easy Digital Downloads vulnerabilities
56 known vulnerabilities affecting awesomemotive/easy_digital_downloads.
Total CVEs: 56
CISA KEV: 0
Public exploits: 2
Exploited in wild: 2
Severity breakdown: CRITICAL 5, HIGH 4, MEDIUM 45, LOW 2
Vulnerabilities
Page 1 of 3
CVE-2024-5057 | P1 | CRITICAL | CVSS 9.8 | CWE-89 | Exploited | PoC | ≤ 3.2.12 | 2024-08-29
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection. This issue affects Easy Digital Downloads: from n/a through 3.2.12.
nvd
CVE-2023-30869 | P1 | CRITICAL | CVSS 9.8 | CWE-287 | Exploited | PoC | ≥ 3.1, < 3.1.1.4.2 | 2023-05-02
Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1.
nvd
CVE-2015-9324 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 2.3.3 | 2019-08-16
The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection.
nvd
CVE-2024-43162 | P3 | HIGH | CVSS 8.8 | CWE-862 | fixed in 3.3.0 | 2024-11-01
Missing Authorization vulnerability in Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Digital Downloads: from n/a through 3.2.12.
nvd
CVE-2023-40005 | P3 | CRITICAL | CVSS 9.8 | CWE-862 | fixed in 3.2.0 | 2024-12-13
Missing Authorization vulnerability in Syed Balkhi Easy Digital Downloads easy-digital-downloads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Digital Downloads: from n/a through <= 3.1.5.
nvd
CVE-2026-39503 | P3 | HIGH | CVSS 7.5 | CWE-862 | ≥ n/a, ≤ 3.6.5 | 2026-06-15
Unauthenticated Broken Access Control in Easy Digital Downloads <= 3.6.5 versions.
nvd
CVE-2022-3600 | P3 | CRITICAL | CVSS 9.8 | CWE-1236 | fixed in 3.1.0.2 | 2022-11-21
The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output in a CSV file, which could lead to CSV injection.
nvd
CVE-2022-2439 | P3 | HIGH | CVSS 7.2 | CWE-502 | fixed in 3.3.4 | 2024-09-24
The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is vulnerable to deserialization of untrusted input via the 'upload[file]' parameter in versions up to, and including 3.3.3. This makes it possible for authenticated administrative users to call files using a PHAR wrapper, that will deserialize and call arbitrar
nvd
CVE-2022-33900 | P3 | HIGH | CVSS 7.2 | CWE-502 | ≤ 3.0.1 | 2022-08-22
PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress.
nvd
CVE-2024-2302 | P4 | MEDIUM | CVSS 5.3 | CWE-532 | fixed in 3.2.10 | 2024-04-09
The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to download the debug log via Directory Listing. This file may include PII.
nvd
CVE-2025-2252 | P4 | MEDIUM | CVSS 5.3 | CWE-200 | fixed in 3.3.7 | 2025-03-25
The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the edd_ajax_get_download_title() function. This makes it possible for unauthenticated attackers to extract private post titles of downloads. The impact here i
nvd
CVE-2015-9530 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 1.8, < 1.8.7; ≥ 1.9, < 1.9.10; +4 more | 2019-10-23
The Easy Digital Downloads (EDD) Upload File extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
nvd
CVE-2024-12875 | P4 | MEDIUM | CVSS 4.9 | CWE-73 | fixed in 3.3.3 | 2024-12-21
The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.2 via the file download functionality. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on
nvd
CVE-2015-9512 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 1.8, < 1.8.7; ≥ 1.9, < 1.9.10; +4 more | 2019-10-23
The Easy Digital Downloads (EDD) CSV Manager extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
nvd
CVE-2015-9514 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 1.8, < 1.8.7; ≥ 1.9, < 1.9.10; +4 more | 2019-10-23
The Easy Digital Downloads (EDD) Free Downloads extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
nvd
CVE-2015-9522 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 1.8, < 1.8.7; ≥ 1.9, < 1.9.10; +4 more | 2019-10-23
The Easy Digital Downloads (EDD) QR Code extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
nvd
CVE-2023-51684 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 3.2.5 | 2024-02-01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Easy Digital Downloads Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) allows Stored XSS. This issue affects Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy): from n/a through 3.2.5.
nvd
CVE-2015-9510 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 1.8, < 1.8.7; ≥ 1.9, < 1.9.10; +4 more | 2019-10-23
The Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
nvd
CVE-2015-9515 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 1.8, < 1.8.7; ≥ 1.9, < 1.9.10; +4 more | 2019-10-23
The Easy Digital Downloads (EDD) htaccess Editor extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
nvd
CVE-2015-9508 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 1.8, < 1.8.7; ≥ 1.9, < 1.9.10; +4 more | 2019-10-23
The Easy Digital Downloads (EDD) Commissions extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
nvd