Awesomemotive

Easy Digital Downloads

55 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-4670

  • EPSS 0.02%
  • Veröffentlicht 29.05.2025 08:22:03
  • Zuletzt bearbeitet 12.08.2025 19:59:47

The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edd_receipt shortcode in all versions up to, and including, 3.3.8.1 due to insufficient inp...

5.3

CVE-2025-2252

  • EPSS 0.14%
  • Veröffentlicht 25.03.2025 07:15:38
  • Zuletzt bearbeitet 08.08.2025 19:21:17

The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the edd_ajax_get_download_title() function. This makes ...

4

CVE-2024-13517

  • EPSS 0.11%
  • Veröffentlicht 18.01.2025 07:15:09
  • Zuletzt bearbeitet 07.02.2025 17:10:03

The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and o...

4.9

CVE-2024-12875

  • EPSS 1.09%
  • Veröffentlicht 21.12.2024 12:15:20
  • Zuletzt bearbeitet 07.02.2025 17:09:37

The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.2 via the file download functionality. This makes it possible for authenti...

3.7

CVE-2024-9654

  • EPSS 0.11%
  • Veröffentlicht 17.12.2024 12:15:21
  • Zuletzt bearbeitet 07.02.2025 17:08:58

The Easy Digital Downloads plugin for WordPress is vulnerable to Improper Authorization in versions 3.1 through 3.3.4. This is due to a lack of sufficient validation checks within the 'verify_guest_email' function to ensure the requesting user is the...

9.8

CVE-2023-40005

  • EPSS 0.42%
  • Veröffentlicht 13.12.2024 15:15:21
  • Zuletzt bearbeitet 07.02.2025 16:50:09

Missing Authorization vulnerability in Easy Digital Downloads Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Digital Downloads: from n/a through 3.1.5.

8.8

CVE-2024-43162

  • EPSS 0.32%
  • Veröffentlicht 01.11.2024 15:15:40
  • Zuletzt bearbeitet 07.02.2025 16:51:51

Missing Authorization vulnerability in Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Digital Downloads: from n/a through 3.2.12.

7.2

CVE-2022-2439

  • EPSS 0.77%
  • Veröffentlicht 24.09.2024 03:15:02
  • Zuletzt bearbeitet 07.02.2025 17:08:10

The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is vulnerable to deserialization of untrusted input via the 'upload[file]' parameter in versions up to, and including 3.3.3. This makes it possible for authe...

9.8

CVE-2024-5057

  • EPSS 3.05%
  • Veröffentlicht 29.08.2024 14:15:09
  • Zuletzt bearbeitet 07.02.2025 19:44:53

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12.

3.1

CVE-2024-6692

  • EPSS 0.15%
  • Veröffentlicht 12.08.2024 13:38:39
  • Zuletzt bearbeitet 07.02.2025 17:07:33

The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Agreement Text value in all versions up to, and including, 3.3.2 due to i...