Awesomemotive

Easy Digital Downloads

55 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4

CVE-2024-6691

  • EPSS 0.19%
  • Veröffentlicht 12.08.2024 13:38:39
  • Zuletzt bearbeitet 07.02.2025 17:06:37

The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the currency value in all versions up to, and including, 3.3.2 due to insuffi...

5.3

CVE-2024-2302

  • EPSS 0.98%
  • Veröffentlicht 09.04.2024 19:15:30
  • Zuletzt bearbeitet 07.02.2025 17:05:52

The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauth...

4.8

CVE-2024-0659

  • EPSS 0.22%
  • Veröffentlicht 05.02.2024 22:16:03
  • Zuletzt bearbeitet 07.02.2025 19:44:53

The Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the variable pricing option title in all versions up to, and including, 3.2.6 due to insuffic...

5.4

CVE-2023-51684

  • EPSS 0.07%
  • Veröffentlicht 01.02.2024 11:15:11
  • Zuletzt bearbeitet 07.02.2025 19:44:53

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Easy Digital Downloads Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) allows Stored XSS.This issue affects Easy ...

9.8

CVE-2023-30869

  • EPSS 31.29%
  • Veröffentlicht 02.05.2023 10:15:09
  • Zuletzt bearbeitet 07.02.2025 19:44:53

Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1.

9.8

CVE-2022-3600

Exploit
  • EPSS 1.31%
  • Veröffentlicht 21.11.2022 11:15:20
  • Zuletzt bearbeitet 30.04.2025 14:15:24

The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output in a CSV file, which could lead to CSV injection.

4.3

CVE-2022-2387

Exploit
  • EPSS 0.2%
  • Veröffentlicht 07.11.2022 10:15:11
  • Zuletzt bearbeitet 05.05.2025 21:15:45

The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin...

7.2

CVE-2022-33900

  • EPSS 0.79%
  • Veröffentlicht 22.08.2022 15:15:15
  • Zuletzt bearbeitet 20.02.2025 21:15:21

PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress.

4.3

CVE-2022-0707

Exploit
  • EPSS 0.1%
  • Veröffentlicht 18.04.2022 18:15:08
  • Zuletzt bearbeitet 07.02.2025 19:44:53

The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when inserting payment notes, which could allow attackers to make a logged admin insert arbitrary notes via a CSRF attack

4.8

CVE-2022-0706

Exploit
  • EPSS 0.23%
  • Veröffentlicht 18.04.2022 18:15:08
  • Zuletzt bearbeitet 07.02.2025 19:44:53

The Easy Digital Downloads WordPress plugin before 2.11.6 does not sanitise and escape the Downloadable File Name in the Logs, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltered_html capability is disal...