5 matches found
CVE-2023-23489
CVE-2023-23489 concerns the WordPress Easy Digital Downloads plugin. Versions 3.1.0.2 and 3.1.0.3 are affected by an unauthenticated SQL injection in the edd_download_search action via the s parameter. This could allow an attacker to read/modify data and potentially perform unauthorized operation...
CVE-2023-0380
CVE-2023-0380 affects Easy Digital Downloads WordPress plugin versions before 3.1.0.5. The issue arises from insufficient validation/escaping of certain block options when they are output in a page/post where the block is embedded, enabling Stored Cross-Site Scripting by users with the contributo...
CVE-2024-31293
CVE-2024-31293 is a CSRF vulnerability in the WordPress plugin Easy Digital Downloads (EDD) affecting EDD versions up to 3.2.6. The description notes a CSRF flaw but does not provide technical details about the vulnerable function, affected endpoints, or the exact root cause. The Connected Docume...
CVE-2024-32100
CVE-2024-32100 is an information-exposure vulnerability in the Easy Digital Downloads (EDD) WordPress plugin up to version 3.2.11. The issue allows an unauthenticated actor to access sensitive information exposed by EDD. Public sources in the connected documents confirm the vulnerability descript...
CVE-2024-31113
CVE-2024-31113 is a CSRF vulnerability in Easy Digital Downloads (WordPress plugin) affecting versions up to 3.2.11. The connected Red Hat page repeats this description. Public technical details (exploit method, affected files, precise root cause) are not provided in the documents; remediation st...