Sandhillsdev Easy Digital Downloads vulnerabilities
5 known vulnerabilities affecting sandhillsdev/easy_digital_downloads.
Total CVEs: 5
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 1
Vulnerabilities
CVE-2023-23489 | P1 | CRITICAL | CVSS 9.8 | CWE-89 | Exploited | PoC | fixed in 3.1.0.4 | 2023-01-20
The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action.
Source: NVD
CVE-2024-32100 | P3 | HIGH | CVSS 7.5 | CWE-200 | fixed in 3.2.12 | 2024-05-14
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Easy Digital Downloads. This issue affects Easy Digital Downloads: from n/a through 3.2.11.
Source: NVD
CVE-2024-31293 | P3 | HIGH | CVSS 8.8 | CWE-352 | fixed in 3.2.7 | 2024-04-12
Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads. This issue affects Easy Digital Downloads: from n/a through 3.2.6.
Source: NVD
CVE-2024-31113 | P3 | HIGH | CVSS 8.8 | CWE-352 | fixed in 3.2.12 | 2024-05-14
Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads. This issue affects Easy Digital Downloads: from n/a through 3.2.11.
Source: NVD
CVE-2023-0380 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 3.1.0.5 | 2023-02-21
The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Source: NVD