2 matches found
CVE-2022-2439
The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is vulnerable to deserialization of untrusted input via the 'uploadfile' parameter in versions up to, and including 3.3.3. This makes it possible for authenticated administrative users to call files using...
WordPress Easy Digital Downloads Plugin <= 3.3.3 is vulnerable to PHP Object Injection
Software Easy Digital Downloads Type Plugin Vulnerable versions = 3.3.3 Fixed in 3.3.4 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2022-2439 Patch priority Low CVSS severity Low 6.6 Developer Claim ownership PSID 526dc70018f3 Credits Rasoul Jahanshahi Required privilege...