
536 matches found

Nuclei
added yesterday, 11 views

WordPress Easy Digital Downloads <= 3.2.12 - SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Easy Digital Downloads allows SQL Injection. This issue affects Easy Digital Downloads: from n/a through 3.2.12. id: CVE-2024-5057 info: name: WordPress Easy Digital Downloads <= 3.2.12 - SQL Injecti...

CVSS 9.8, AI score 6, EPSS 0.02588
Exploits: 0, References: 3

Nuclei
added yesterday, 24 views

Easy Digital Downloads - Privilege Escalation

Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1. id: CVE-2023-30869 info: name: Easy Digital Downloads - Privilege Escalation author: daffainfo severity: critical...

CVSS 9.8, AI score 7.2, EPSS 0.031
Exploits: 0, References: 3

Nuclei
added yesterday, 31 views

WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection

WordPress Easy Digital Downloads plugin 3.1.0.2 and 3.1.0.3 contains a SQL injection vulnerability in the s parameter of its edd_download_search action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

CVSS 9.8, AI score 7.3, EPSS 0.11172
Exploits: 2, References: 5

EUVD
added 2026/06/15 9:30 p.m., 10 views

EUVD-2026-36948

Unauthenticated Broken Access Control in Easy Digital Downloads <= 3.6.5 versions...

CVSS 7.5, AI score 5.1, EPSS 0.00246
Exploits: 0, References: 2

NVD
added 2026/06/15 9:16 p.m., 5 views

CVE-2026-39503

Unauthenticated Broken Access Control in Easy Digital Downloads <= 3.6.5 versions...

CVSS 7.5, EPSS 0.00246
Exploits: 0, References: 1

CVE
added 2026/06/15 8:17 p.m., 11 views

CVE-2026-39503

CVE-2026-39503 affects the WordPress plugin Easy Digital Downloads (versions

CVSS 7.5, AI score 5.1, EPSS 0.00246
Exploits: 0, References: 1

Cvelist
added 2026/06/15 8:17 p.m., 28 views

CVE-2026-39503 WordPress Easy Digital Downloads plugin <= 3.6.5 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Easy Digital Downloads <= 3.6.5 versions...

CVSS 7.5, EPSS 0.00246
Exploits: 0, References: 1

Positive Technologies
added 2026/06/15 12:0 a.m., 9 views

PT-2026-49388

Unauthenticated Broken Access Control in Easy Digital Downloads <= 3.6.5 versions...

CVSS 7.5, AI score 5.1, EPSS 0.00246
Exploits: 0, References: 2

NVD
added 2026/05/28 6:16 a.m., 13 views

CVE-2026-7533

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the handle_oauth_redirect function, which is registered on the admin_init hook and processes Square OAuth tokens from ...

CVSS 4.3, EPSS 0.00135
Exploits: 0, References: 8

CVE
added 2026/05/28 5:30 a.m., 17 views

CVE-2026-7533

The CVE concerns the Easy Digital Downloads WordPress plugin (versions up to and including 3.6.7). The root cause is missing nonce verification in handle_oauth_redirect(), which runs on admin_init and processes Square OAuth tokens from a user-supplied GET parameter without CSRF token validation. ...

CVSS 4.3, AI score 5.8, EPSS 0.00135
Exploits: 0, References: 8

EUVD
added 2026/05/28 5:30 a.m., 10 views

EUVD-2026-32725

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the handle_oauth_redirect function, which is registered on the admin_init hook and processes Square OAuth tokens from ...

CVSS 4.3, AI score 5.8, EPSS 0.00135
Exploits: 0, References: 8

ATTACKERKB
added 2026/05/28 5:30 a.m., 14 views

CVE-2026-7533

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the handle_oauth_redirect function, which is registered on the admin_init hook and processes Square OAuth tokens from ...

CVSS 4.3, AI score 5.8, EPSS 0.00135
Exploits: 0, References: 9

Vulnrichment
added 2026/05/28 5:30 a.m., 12 views

CVE-2026-7533 Easy Digital Downloads <= 3.6.7 - Cross-Site Request Forgery to Payment Account Hijacking via 'square_tokens' Parameter

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the handle_oauth_redirect function, which is registered on the admin_init hook and processes Square OAuth tokens from ...

CVSS 4.3, AI score 5.8, EPSS 0.00135
Exploits: 0, References: 8

Cvelist
added 2026/05/28 5:30 a.m., 36 views

CVE-2026-7533 Easy Digital Downloads <= 3.6.7 - Cross-Site Request Forgery to Payment Account Hijacking via 'square_tokens' Parameter

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the handle_oauth_redirect function, which is registered on the admin_init hook and processes Square OAuth tokens from ...

CVSS 4.3, EPSS 0.00135
Exploits: 0, References: 8

CNNVD
added 2026/05/28 12:0 a.m., 9 views

WordPress plugin Easy Digital Downloads cross-site request forgery vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 4.3, AI score 5.7, EPSS 0.00135
Exploits: 0, References: 8

Patchstack
added 2026/05/27 5:18 p.m., 15 views

WordPress Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin <= 3.6.7 - Cross-Site Request Forgery to Payment Account Hijacking vulnerability

Cross-Site Request Forgery to Payment Account Hijacking vulnerability discovered by type5afe in WordPress Plugin Easy Digital Downloads versions <= 3.6.7...

CVSS 4.3, AI score 5.8, EPSS 0.00135
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2026/04/20 9:54 a.m., 6 views

WordPress Easy Digital Downloads plugin <= 3.6.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin Easy Digital Downloads versions <= 3.6.5...

AI score 5.8, EPSS 0.00246
Exploits: 0, Affected Software: 1

Patchstack
added 2026/02/02 8:42 a.m., 6 views

WordPress Easy Digital Downloads plugin <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Currency Settings vulnerability

Authenticated Admin+ Stored Cross-Site Scripting via Currency Settings vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Easy Digital Downloads versions <= 3.3.2...

CVSS 4.4, AI score 5.3, EPSS 0.00332
Exploits: 0, References: 1, Affected Software: 1

RedhatCVE
added 2026/01/09 10:46 a.m., 10 views

CVE-2022-0706

The Easy Digital Downloads WordPress plugin before 2.11.6 does not sanitise and escape the Downloadable File Name in the Logs, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltered_html capability is disallowed...

CVSS 4.8, AI score 5.9, EPSS 0.00638
Exploits: 2, References: 1

RedhatCVE
added 2026/01/09 10:44 a.m., 14 views

CVE-2022-0707

The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when inserting payment notes, which could allow attackers to make a logged admin insert arbitrary notes via a CSRF attack...

CVSS 4.3, AI score 6.8, EPSS 0.00461
Exploits: 2, References: 1