cvebase

Awesomemotive Easy Digital Downloads vulnerabilities

56 known vulnerabilities affecting awesomemotive/easy_digital_downloads.

Total CVEs: 56
CISA KEV: 0
Public exploits: 2
Exploited in wild: 2
Severity breakdown: CRITICAL 5, HIGH 4, MEDIUM 45, LOW 2

Vulnerabilities

Page 3 of 3
CVE-2015-9525 | P4 | MEDIUM | CVSS 6.1 | ≥ 1.8, < 1.8.7; ≥ 1.9, < 1.9.10; +4 more | 2019-10-23
CVE-2015-9525 [MEDIUM] CWE-79: The Easy Digital Downloads (EDD) Recurring Payments extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
nvd
CVE-2015-9535 | P4 | MEDIUM | CVSS 6.1 | ≥ 1.8, < 1.8.7; ≥ 1.9, < 1.9.10; +4 more | 2019-10-23
CVE-2015-9535 [MEDIUM] CWE-79: The Easy Digital Downloads (EDD) Shoppette theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
nvd
CVE-2015-9532 | P4 | MEDIUM | CVSS 6.1 | ≥ 1.8, < 1.8.7; ≥ 1.9, < 1.9.10; +4 more | 2019-10-23
CVE-2015-9532 [MEDIUM] CWE-79: The Easy Digital Downloads (EDD) Digital Store theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
nvd
CVE-2015-9528 | P4 | MEDIUM | CVSS 6.1 | ≥ 1.8, < 1.8.7; ≥ 1.9, < 1.9.10; +4 more | 2019-10-23
CVE-2015-9528 [MEDIUM] CWE-79: The Easy Digital Downloads (EDD) Software Licensing extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
nvd
CVE-2015-9509 | P4 | MEDIUM | CVSS 6.1 | ≥ 1.8, < 1.8.7; ≥ 1.9, < 1.9.10; +4 more | 2019-10-23
CVE-2015-9509 [MEDIUM] CWE-79: The Easy Digital Downloads (EDD) Content Restriction extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
nvd
CVE-2025-4670 | P4 | MEDIUM | CVSS 5.4 | fixed in 3.3.9 | 2025-05-29
CVE-2025-4670 [MEDIUM] CWE-79: The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edd_receipt shortcode in all versions up to, and including, 3.3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated
nvd
CVE-2019-15116 | P4 | MEDIUM | CVSS 6.1 | fixed in 2.9.16 | 2019-08-16
CVE-2019-15116 [MEDIUM] CWE-79: The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address logging.
nvd
CVE-2022-2387 | P4 | MEDIUM | CVSS 4.3 | fixed in 3.0 | 2022-11-07
CVE-2022-2387 [MEDIUM] CWE-352: The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack.
nvd
CVE-2022-0706 | P4 | MEDIUM | CVSS 4.8 | fixed in 2.11.6 | 2022-04-18
CVE-2022-0706 [MEDIUM] CWE-79: The Easy Digital Downloads WordPress plugin before 2.11.6 does not sanitise and escape the Downloadable File Name in the Logs, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltered_html capability is disallowed.
nvd
CVE-2021-39354 | P4 | MEDIUM | CVSS 4.8 | ≤ 2.11.2 | 2021-10-21
CVE-2021-39354 [MEDIUM] CWE-79: The Easy Digital Downloads WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $start_date and $end_date parameters found in the ~/includes/admin/payments/class-payments-table.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.11.2.
nvd
CVE-2022-0707 | P4 | MEDIUM | CVSS 4.3 | fixed in 2.11.6 | 2022-04-18
CVE-2022-0707 [MEDIUM] CWE-352: The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when inserting payment notes, which could allow attackers to make a logged admin insert arbitrary notes via a CSRF attack.
nvd
CVE-2024-0659 | P4 | MEDIUM | CVSS 4.8 | ≤ 3.2.6 | 2024-02-05
CVE-2024-0659 [MEDIUM] CWE-79: The Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the variable pricing option title in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with sh
nvd
CVE-2024-9654 | P4 | LOW | CVSS 3.7 | ≥ 3.1, < 3.3.5 | 2024-12-17
CVE-2024-9654 [LOW] CWE-863: The Easy Digital Downloads plugin for WordPress is vulnerable to Improper Authorization in versions 3.1 through 3.3.4. This is due to a lack of sufficient validation checks within the 'verify_guest_email' function to ensure the requesting user is the intended recipient of the purchase receipt. This makes it possible for unauthenticated attackers to bypass
nvd
CVE-2024-6691 | P4 | MEDIUM | CVSS 4.0 | fixed in 3.3.3 | 2024-08-12
CVE-2024-6691 [MEDIUM] CWE-79: The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the currency value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with a
nvd
CVE-2024-13517 | P4 | MEDIUM | CVSS 4.0 | fixed in 3.3.3 | 2025-01-18
CVE-2024-13517 [MEDIUM] CWE-79: The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to
nvd
CVE-2024-6692 | P4 | LOW | CVSS 3.1 | fixed in 3.3.3 | 2024-08-12
CVE-2024-6692 [LOW] CWE-79: The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Agreement Text value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit
nvd