cbcvebase.

Sandhillsdev Easy Digital Downloads vulnerabilities

5 known vulnerabilities affecting sandhillsdev/easy_digital_downloads.

Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH3MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2023-23489P1CRITICALCVSS 9.8ExploitedPoCfixed in 3.1.0.42023-01-20
CVE-2023-23489 [CRITICAL] CWE-89 CVE-2023-23489: The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthent The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action.
nvd
CVE-2024-32100P3HIGHCVSS 7.5fixed in 3.2.122024-05-14
CVE-2024-32100 [HIGH] CWE-200 CVE-2024-32100: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Easy Digital Downloads.T Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.11.
nvd
CVE-2024-31293P3HIGHCVSS 8.8fixed in 3.2.72024-04-12
CVE-2024-31293 [HIGH] CWE-352 CVE-2024-31293: Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.This issue affects Easy Di Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.6.
nvd
CVE-2024-31113P3HIGHCVSS 8.8fixed in 3.2.122024-05-14
CVE-2024-31113 [HIGH] CWE-352 CVE-2024-31113: Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.This issue affects Easy Di Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.11.
nvd
CVE-2023-0380P4MEDIUMCVSS 5.4fixed in 3.1.0.52023-02-21
CVE-2023-0380 [MEDIUM] CWE-79 CVE-2023-0380: The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
nvd
Sandhillsdev Easy Digital Downloads vulnerabilities | cvebase