cleantalk
Vulnerabilities and Security Researches

Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy), CVE-2025-14783

CVE, Research URL

CVE-2025-14783

Home page URL

Security reports for Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)

Application

Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)

Published on
Dec 31, 2025
Research Description
The Easy Digital Downloads plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.6.2. This is due to insufficient validation on the redirect url supplied via the 'edd_redirect' parameter. This makes it possible for unauthenticated attackers to redirect users with the password reset email to potentially malicious sites if they can successfully trick them into performing an action.
Affected versions
max 3.6.3.
Status
vulnerable
Previous vulnerability researches
Easy Digital Downloads Google Sheet Connector (15a5f778b24e34c8a9f5f1c30ea580c8a86c0dc5) , Jun 06, 2024
Wezido – Elementor Addon Based on Easy Digital Downloads (CVE-2024-51836) , Nov 12, 2024
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) (CVE-2025-8102) , Aug 20, 2025
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) (CVE-2025-2252) , Mar 26, 2025
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) (CVE-2015-9517) , Jun 07, 2024
New vulnerability
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026