cleantalk
Vulnerabilities and Security Researches

Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy), CVE-2025-4670

CVE, Research URL

CVE-2025-4670

Home page URL

Security reports for Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)

Application

Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)

Published on
May 29, 2025
Research Description
The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edd_receipt shortcode in all versions up to, and including, 3.3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 3.3.9.
Status
vulnerable
Previous vulnerability researches
CryptoCloud – Crypto Payment Gateway (CVE-2025-48147) , May 26, 2025
New vulnerability
WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce (CVE-2025-48125) , May 31, 2025
Minimal Share Buttons (CVE-2025-5259) , May 30, 2025
LA-Studio Element Kit for Elementor (CVE-2025-4943) , May 30, 2025
LA-Studio Element Kit for Elementor (CVE-2025-4944) , May 30, 2025
Essential Real Estate (CVE-2025-48126) , May 30, 2025