Easy Digital Downloads
by WordPress
CVEs (34)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2022-3600 | 0.00 | — | 0.01 | Nov 21, 2022 | The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when it is output in a CSV file, which could lead to CSV injection. |
| CVE-2022-2387 | 0.00 | — | 0.00 | Nov 7, 2022 | The Easy Digital Downloads WordPress plugin before 3.0 does not have a CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged-in admin delete an arbitrary post via a… |
| CVE-2022-33900 | 0.00 | — | 0.01 | Aug 22, 2022 | PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress. |
| CVE-2022-0707 | 0.00 | — | 0.00 | Apr 18, 2022 | The Easy Digital Downloads WordPress plugin before 2.11.6 does not have a CSRF check in place when inserting payment notes, which could allow attackers to make a logged-in admin insert arbitrary notes via a CSRF attack. |
| CVE-2022-0706 | 0.00 | — | 0.01 | Apr 18, 2022 | The Easy Digital Downloads WordPress plugin before 2.11.6 does not sanitise and escape the Downloadable File Name in the Logs, which could allow high-privilege users to perform Cross-Site Scripting attacks when the unfiltered_html capability is disallowed. |
| CVE-2021-39354 | 0.00 | — | 0.01 | Oct 21, 2021 | The Easy Digital Downloads WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $start_date and $end_date parameters found in the ~/includes/admin/payments/class-payments-table.php file which allows attackers to inject arbitrary web scripts, in versions up to… |
| CVE-2015-9505 | 0.00 | — | 0.01 | Oct 23, 2019 | The Easy Digital Downloads (EDD) core component 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7 for WordPress has XSS because add_query_arg is misused. |
| CVE-2015-9511 | 0.00 | — | 0.01 | Oct 23, 2019 | The Easy Digital Downloads (EDD) Conditional Success Redirects extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. |
| CVE-2015-9514 | 0.00 | — | 0.01 | Oct 23, 2019 | The Easy Digital Downloads (EDD) Free Downloads extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. |
| CVE-2015-9524 | 0.00 | — | 0.01 | Oct 23, 2019 | The Easy Digital Downloads (EDD) Recount Earnings extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. |
| CVE-2015-9531 | 0.00 | — | 0.01 | Oct 23, 2019 | The Easy Digital Downloads (EDD) Wish Lists extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. |
| CVE-2015-9535 | 0.00 | — | 0.01 | Oct 23, 2019 | The Easy Digital Downloads (EDD) Shoppette theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. |
| CVE-2019-15116 | 0.00 | — | 0.01 | Aug 16, 2019 | The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address logging. |
| CVE-2015-9324 | 0.00 | — | 0.02 | Aug 16, 2019 | The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection. |