VYPR
Vendor

Awesomemotive

Products
2
CVEs
18
Across products
18
Status
Private

Products

2

Recent CVEs

18
  • CVE-2026-2471HigFeb 28, 2026
    risk 0.49cvss 7.5epss 0.00

    The WP Mail Logging plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.15.0 via deserialization of untrusted input from the email log message field. This is due to the `BaseModel` class constructor calling `maybe_unserialize()` on…

  • CVE-2023-51684MedFeb 1, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Easy Digital Downloads Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) allows Stored XSS.This issue affects Easy Digital Downloads – Sell…

  • CVE-2023-3081HigJul 12, 2023
    risk 0.40cvss 7.2epss 0.01

    The WP Mail Logging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 1.11.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary…

  • CVE-2024-0659MedFeb 5, 2024
    risk 0.36cvss 5.5epss 0.00

    The Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the variable pricing option title in all versions up to, and including, 3.2.6 due to insufficient input sanitization and…

  • CVE-2023-40005MedDec 13, 2024
    risk 0.35cvss 5.3epss 0.01

    Missing Authorization vulnerability in Syed Balkhi Easy Digital Downloads easy-digital-downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Digital Downloads: from n/a through <= 3.1.5.

  • CVE-2024-2302MedApr 9, 2024
    risk 0.35cvss 5.3epss 0.01

    The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to…

  • CVE-2025-11271MedNov 6, 2025
    risk 0.34cvss 5.3epss 0.00

    The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification is unconditionally skipped when the POST body includes verification_override=1. Because this…

  • CVE-2024-32100MedMay 14, 2024
    risk 0.34cvss 5.3epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.11.

  • CVE-2025-8102MedAug 20, 2025
    risk 0.28cvss 5.4epss 0.00

    The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing nonce validations in the edd_sendwp_disconnect() and edd_sendwp_remote_install() functions. This makes it possible for…

  • CVE-2024-31113MedMay 14, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.11.

  • CVE-2024-31293MedApr 12, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.6.

  • CVE-2025-14783MedDec 31, 2025
    risk 0.21cvss 4.3epss 0.00

    The Easy Digital Downloads plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.6.2. This is due to insufficient validation on the redirect url supplied via the 'edd_redirect' parameter. This makes it possible for unauthenticated…

  • CVE-2024-5057Aug 29, 2024
    risk 0.04cvss epss 0.03

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12.

  • CVE-2025-2252Mar 25, 2025
    risk 0.00cvss epss 0.00

    The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the edd_ajax_get_download_title() function. This makes it possible for…

  • CVE-2024-13517Jan 18, 2025
    risk 0.00cvss epss 0.00

    The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes…

  • CVE-2024-9654Dec 17, 2024
    risk 0.00cvss epss 0.00

    The Easy Digital Downloads plugin for WordPress is vulnerable to Improper Authorization in versions 3.1 through 3.3.4. This is due to a lack of sufficient validation checks within the 'verify_guest_email' function to ensure the requesting user is the intended recipient of the…

  • CVE-2024-43162Nov 1, 2024
    risk 0.00cvss epss 0.00

    Missing Authorization vulnerability in Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Digital Downloads: from n/a through 3.2.12.

  • CVE-2022-2439Sep 24, 2024
    risk 0.00cvss epss 0.01

    The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is vulnerable to deserialization of untrusted input via the 'upload[file]' parameter in versions up to, and including 3.3.3. This makes it possible for authenticated administrative…