Lucene search

Awesomemotive Easy Digital Downloads*

16 matches found

added 2019/08/16 9:15 p.m., 376 views

CVE-2019-15116

The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address logging.

CVSS 6.1, AI score 6, EPSS 0.00176

added 2019/08/16 9:15 p.m., 342 views

CVE-2015-9324

The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection.

CVSS 9.8, AI score 9.9, EPSS 0.00706

added 2022/04/18 6:15 p.m., 73 views

CVE-2022-0706

The Easy Digital Downloads WordPress plugin before 2.11.6 does not sanitise and escape the Downloadable File Name in the Logs, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltered_html capability is disallowed

CVSS 4.8, AI score 4.7, EPSS 0.00214
Web

added 2022/04/18 6:15 p.m., 72 views

CVE-2022-0707

The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when inserting payment notes, which could allow attackers to make a logged admin insert arbitrary notes via a CSRF attack

CVSS 4.3, AI score 4.5, EPSS 0.00097
Web

added 2025/05/29 9:15 a.m., 65 views

CVE-2025-4670

The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edd_receipt shortcode in all versions up to, and including, 3.3.8.1 due to insufficient input sanitization and output escaping on user suppl...

CVSS 6.4, AI score 5.7, EPSS 0.00052

added 2022/11/07 10:15 a.m., 58 views

CVE-2022-2387

The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack

CVSS 4.3, AI score 4.5, EPSS 0.00176
Web

added 2022/11/21 11:15 a.m., 56 views

CVE-2022-3600

The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when it is output in a CSV file, which could lead to CSV injection.

CVSS 9.8, AI score 9.6, EPSS 0.00582

added 2024/12/13 3:15 p.m., 56 views

CVE-2023-40005

Missing Authorization vulnerability in Easy Digital Downloads Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Digital Downloads: from n/a through 3.1.5.

CVSS 9.8, AI score 5.4, EPSS 0.00327

added 2024/12/21 12:15 p.m., 48 views

CVE-2024-12875

The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.2 via the file download functionality. This makes it possible for authenticated attackers, with Administrator-level access ...

CVSS 4.9, AI score 4.9, EPSS 0.00747

added 2024/04/09 7:15 p.m., 48 views

CVE-2024-2302

The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to download the debug log via...

CVSS 5.3, AI score 6.1, EPSS 0.00982

added 2025/03/25 7:15 a.m., 42 views

CVE-2025-2252

The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the edd_ajax_get_download_title() function. This makes it possible for unauthenticated attackers to extr...

CVSS 5.3, AI score 7.1, EPSS 0.00069

added 2024/09/24 3:15 a.m., 38 views

CVE-2022-2439

The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is vulnerable to deserialization of untrusted input via the 'upload[file]' parameter in versions up to, and including 3.3.3. This makes it possible for authenticated administrative users to call files using...

CVSS 7.2, AI score 7.1, EPSS 0.01282

added 2025/01/18 7:15 a.m., 37 views

CVE-2024-13517

The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authen...

CVSS 4.4, AI score 5.8, EPSS 0.00047

added 2024/11/01 3:15 p.m., 36 views

CVE-2024-43162

Missing Authorization vulnerability in Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Digital Downloads: from n/a through 3.2.12.

CVSS 8.8, AI score 4.6, EPSS 0.00251

added 2024/08/12 1:38 p.m., 34 views

CVE-2024-6692

The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Agreement Text value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escapin...

CVSS 3.3, AI score 3.6, EPSS 0.0008

added 2024/08/12 1:38 p.m., 32 views

CVE-2024-6691

The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the currency value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. Thi...

CVSS 4.4, AI score 4.4, EPSS 0.00073