
CVE-2023-23489 – Easy Digital Downloads < 3.1.0.4 - SQL Injection
https://notcve.org/view.php?id=CVE-2023-23489
12 Jan 2023 — The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action. The Easy Digital Downloads plugin for WordPress is vulnerable to SQL Injection in versions before 3.1.0.4 via the 's' parameter used in the 'edd_download_search' AJAX action. This allows unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive infor... • https://www.tenable.com/security/research/tra-2023-2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2022-3600 – Easy Digital Downloads < 3.1.0.2 - Unauthenticated CSV Injection
https://notcve.org/view.php?id=CVE-2022-3600
28 Sep 2022 — The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when it is output in a CSV file, which could lead to CSV injection. The Easy Digital Downloads plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 3.1.0.1.1. This allows unauthenticated attackers to embed untrusted input into ... • https://wpscan.com/vulnerability/16e2d970-19d0-42d1-8fb1-e7cb14ace1d0 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •