VYPR
Unrated severityNVD Advisory· Published Sep 24, 2024· Updated Apr 8, 2026

Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 3.3.3 - Authenticated (Admin+) PHAR Deserialization

CVE-2022-2439

Description

The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is vulnerable to deserialization of untrusted input via the 'upload[file]' parameter in versions up to, and including 3.3.3. This makes it possible for authenticated administrative users to call files using a PHAR wrapper, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.