Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Easy_digital_downloads
(Awesomemotive)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 56 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-11-07 | CVE-2022-2387 | The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack | Easy_digital_downloads | 4.3 | ||
| 2022-11-07 | CVE-2022-2387 | The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack | Easy_digital_downloads | 4.3 | ||
| 2022-11-07 | CVE-2022-2387 | The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack | Easy_digital_downloads | 4.3 | ||
| 2022-11-21 | CVE-2022-3600 | The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output in a CSV file, which could lead to CSV injection. | Easy_digital_downloads | 9.8 | ||
| 2022-08-22 | CVE-2022-33900 | PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress. | Easy_digital_downloads | 7.2 | ||
| 2022-08-22 | CVE-2022-33900 | PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress. | Easy_digital_downloads | 7.2 | ||
| 2019-08-16 | CVE-2015-9324 | The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection. | Easy_digital_downloads | 9.8 | ||
| 2019-08-16 | CVE-2019-15116 | The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address logging. | Easy_digital_downloads | 6.1 | ||
| 2019-10-23 | CVE-2015-9525 | The Easy Digital Downloads (EDD) Recurring Payments extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | Easy_digital_downloads, Recurring_payments | 6.1 | ||
| 2019-10-23 | CVE-2015-9526 | The Easy Digital Downloads (EDD) Reviews extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | Easy_digital_downloads, Reviews | 6.1 |