Unrated severityNVD Advisory· Published Oct 21, 2021· Updated Mar 31, 2025
Easy Digital Downloads <= 2.11.2 Authenticated Reflected Cross-Site Scripting
CVE-2021-39354
Description
The Easy Digital Downloads WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $start_date and $end_date parameters found in the ~/includes/admin/payments/class-payments-table.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.11.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=2.11.2
- Easy Digital Downloads/Easy Digital Downloadsv5Range: 2.11.2
Patches
Vulnerability mechanics
References
3- github.com/BigTiger2020/word-press/blob/main/Easy%20Digital%20Downloads.mdmitrex_refsource_MISC
- plugins.trac.wordpress.org/changeset/2616149/easy-digital-downloads/trunk/includes/admin/payments/class-payments-table.phpmitrex_refsource_MISC
- www.wordfence.com/vulnerability-advisories/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.