Vulnerabilities and security research for easy-digital-downloads
Jun 07, 2024
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9517
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) Manual Purchases extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9518
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) PDF Invoices extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9506
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) Amazon S3 extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9509
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) Content Restriction extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9508
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) Commissions extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9505
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) core component 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7 for WordPress has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2021-39354
- Date: Oct 22, 2021
- Research Description: The Easy Digital Downloads WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $start_date and $end_date parameters found in the ~/includes/admin/payments/class-payments-table.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.11.2.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9528
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) Software Licensing extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9520
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) Per Product Emails extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9511
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) Conditional Success Redirects extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9510
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9513
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) Favorites extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9531
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) Wish Lists extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9516
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) Invoices extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9519
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) PDF Stamper extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9512
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) CSV Manager extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9530
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) Upload File extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9515
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) htaccess Editor extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9533
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) Lattice theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9507
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) Attach Accounts to Orders extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9526
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) Reviews extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9535
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) Shoppette theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9523
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) Recommended Products extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9324
- Date: Aug 17, 2019
- Research Description: The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9514
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) Free Downloads extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9524
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) Recount Earnings extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9527
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) Simple Shipping extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9525
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) Recurring Payments extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9532
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) Digital Store theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2022-0707
- Date: Apr 18, 2022
- Research Description: The Easy Digital Downloads WordPress plugin before 2.11.6 does not have a CSRF check in place when inserting payment notes, which could allow attackers to make a logged-in admin insert arbitrary notes via a CSRF attack.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9521
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) Pushover Notifications extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9534
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) Quota theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9522
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) QR Code extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9529
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) Stripe extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2015-9536
- Date: Oct 23, 2019
- Research Description: The Easy Digital Downloads (EDD) Twenty-Twelve theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2019-15116
- Date: Aug 17, 2019
- Research Description: The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address logging.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2022-0706
- Date: Apr 18, 2022
- Research Description: The Easy Digital Downloads WordPress plugin before 2.11.6 does not sanitise and escape the Downloadable File Name in the Logs, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltered_html capability is disallowed.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2022-33900
- Date: Aug 22, 2022
- Research Description: PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2022-2387
- Date: Nov 07, 2022
- Research Description: The Easy Digital Downloads WordPress plugin before 3.0 does not have a CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged-in admin delete an arbitrary post via a CSRF attack.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2023-23489
- Date: Jan 20, 2023
- Research Description: The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2022-3600
- Date: Nov 21, 2022
- Research Description: The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when it is output in a CSV file, which could lead to CSV injection.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2024-32100
- Date: May 14, 2024
- Research Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Easy Digital Downloads. This issue affects Easy Digital Downloads: from n/a through 3.2.11.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2024-0659
- Date: Feb 06, 2024
- Research Description: The Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the variable pricing option title in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2024-31293
- Date: Apr 12, 2024
- Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads. This issue affects Easy Digital Downloads: from n/a through 3.2.6.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2024-31113
- Date: May 14, 2024
- Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads. This issue affects Easy Digital Downloads: from n/a through 3.2.11.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2024-2302
- Date: Apr 10, 2024
- Research Description: The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to download the debug log via Directory Listing. This file may include PII.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2023-0380
- Date: Feb 21, 2023
- Research Description: The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2023-30869
- Date: May 02, 2023
- Research Description: Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2023-51684
- Date: Feb 01, 2024
- Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Easy Digital Downloads Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) allows Stored XSS. This issue affects Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy): from n/a through 3.2.5.
- Affected versions: Min -, max -.
- Status: vulnerable
Jun 10, 2024
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2023-40005
- Date: Dec 13, 2024
- Research Description: Missing Authorization vulnerability in Easy Digital Downloads Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Digital Downloads: from n/a through 3.1.5.
- Affected versions: Min -, max -.
- Status: vulnerable
Aug 04, 2024
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2024-5057
- Date: Aug 29, 2024
- Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection. This issue affects Easy Digital Downloads: from n/a through 3.2.12.
- Affected versions: Min -, max -.
- Status: vulnerable
Aug 11, 2024
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2024-43162
- Date: Nov 01, 2024
- Research Description: Missing Authorization vulnerability in Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Digital Downloads: from n/a through 3.2.12.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2024-6692
- Date: Aug 12, 2024
- Research Description: The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Agreement Text value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
- Affected versions: Min -, max -.
- Status: vulnerable
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2024-6691
- Date: Aug 12, 2024
- Research Description: The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the currency value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
- Affected versions: Min -, max -.
- Status: vulnerable
Sep 24, 2024
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2022-2439
- Date: Sep 24, 2024
- Research Description: The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is vulnerable to deserialization of untrusted input via the 'upload[file]' parameter in versions up to, and including 3.3.3. This makes it possible for authenticated administrative users to call files using a PHAR wrapper, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present.
- Affected versions: Min -, max -.
- Status: vulnerable
Dec 18, 2024
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2024-9654
- Date: Dec 17, 2024
- Research Description: The Easy Digital Downloads plugin for WordPress is vulnerable to Improper Authorization in versions 3.1 through 3.3.4. This is due to a lack of sufficient validation checks within the 'verify_guest_email' function to ensure the requesting user is the intended recipient of the purchase receipt. This makes it possible for unauthenticated attackers to bypass intended security restrictions and view the receipts of other users, which contain a link to download paid content. Successful exploitation requires knowledge of another customer's email address as well as the file ID of the content they purchased.
- Affected versions: Min -, max -.
- Status: vulnerable
Dec 22, 2024
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2024-12875
- Date: Dec 21, 2024
- Research Description: The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.2 via the file download functionality. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
- Affected versions: Min -, max -.
- Status: vulnerable
Jan 19, 2025
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2024-13517
- Date: Jan 18, 2025
- Research Description: The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
- Affected versions: Min -, max -.
- Status: vulnerable
Mar 26, 2025
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2025-2252
- Date: Mar 25, 2025
- Research Description: The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the edd_ajax_get_download_title() function. This makes it possible for unauthenticated attackers to extract private post titles of downloads. The impact here is minimal.
- Affected versions: Min -, max -.
- Status: vulnerable
May 30, 2025
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) # CVE-2025-4670
- Date: May 29, 2025
- Research Description: The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edd_receipt shortcode in all versions up to, and including, 3.3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions: Min -, max -.
- Status: vulnerable