Vulnerabilities and security researches foredd-courses edd-courses

Jun 07, 2024

CVE, Research URL: 5f143ad9742d0a8c48cc70d91d01047de37e117a
Home page URL: Security reports for Easy Digital Downloads – Courses
Application: Easy Digital Downloads – Courses
Date: Feb 28, 2022
Research Description: Easy Digital Downloads – Courses [edd-courses] < 0.1.1 (closed) WordPress Easy Digital Downloads – Courses plugin <= 0.1.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Easy Digital Downloads – Courses plugin (versions <= 0.1.0).
Affected versions: max 0.1.1.
Status: vulnerable

Jun 13, 2026

CVE, Research URL: CVE-2023-33999
Home page URL: Security reports for Easy Digital Downloads – Courses
Application: Easy Digital Downloads – Courses
Date: Jun 11, 2026
Research Description: Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in WPVibes WP Mail Log allows DOM-Based XSS. This issue affects WP Mail Log: from n/a through 1.0.2.
Affected versions: max 0.1.1.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: f86a16c5738741c6ec6633af3048d3a0c9d0bc47
Home page URL: Security reports for Easy Digital Downloads – Courses
Application: Easy Digital Downloads – Courses
Date: Feb 28, 2022
Research Description: Easy Digital Downloads – Courses [edd-courses] < 0.1.1 (closed) WordPress Easy Digital Downloads – Courses plugin <= 0.1.0 - Sensitive Information Disclosure vulnerability Sensitive Information Disclosure vulnerability discovered in WordPress Easy Digital Downloads – Courses plugin (versions <= 0.1.0).
Affected versions: max 0.1.1.
Status: vulnerable

CVE, Research URL: 6ff37c2e-e21d-4abc-bafe-8ca6a2c1ed76
Home page URL: Security reports for Easy Digital Downloads – Courses
Application: Easy Digital Downloads – Courses
Date: -
Research Description: Easy Digital Downloads – Courses [edd-courses] < 0.1.1 (closed) Freemius Library < 2.2.4 - Subscriber+ Arbitrary Option Update The library, used in numerous plugins, does not have proper authorisation when updating blog options, allowing any authenticated users, such as subscriber to update arbitrary options
Affected versions: max 0.1.1.
Status: vulnerable

CVE, Research URL: 7e57cd4f4859826de00a8e2b09ee24fb7f2d824b
Home page URL: Security reports for Easy Digital Downloads – Courses
Application: Easy Digital Downloads – Courses
Date: Feb 25, 2019
Research Description: Easy Digital Downloads – Courses [edd-courses] < 0.1.1 (closed) Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update The Freemius SDK for WordPress is vulnerable to authorization bypass due to a missing capability check on the _get_db_option and _set_db_option functions in versions up to, and including, 2.2.3. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change site settings and potentially take over the site.
Affected versions: max 0.1.1.
Status: vulnerable