CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31113 – WordPress Easy Digital Downloads plugin <= 3.2.11 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31113
09 May 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.11. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Easy Digital Downloads. Este problema afecta a Easy Digital Downloads: desde n/a hasta 3.2.11. The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.11. This is due to missing or incorrect nonce validation on an unknown function. • https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32100 – WordPress Easy Digital Downloads plugin <= 3.2.11 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-32100
09 May 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.11. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Easy Digital Downloads. Este problema afecta a Easy Digital Downloads: desde n/a hasta 3.2.11. The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information E... • https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-11-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33910 – WordPress Digital Publications by Supsystic plugin <= 1.7.7 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33910
29 Apr 2024 — Missing Authorization vulnerability in Supsystic Digital Publications by Supsystic.This issue affects Digital Publications by Supsystic: from n/a through 1.7.7. Vulnerabilidad de autorización faltante en publicaciones digitales de Supsystic. Este problema afecta a las publicaciones digitales de Supsystic: desde n/a hasta 1.7.7. The WordPress Flipbook by Supsystic plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.... • https://patchstack.com/database/vulnerability/digital-publications-by-supsystic/wordpress-digital-publications-by-supsystic-plugin-1-7-7-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32089 – WordPress Digital Publications by Supsystic plugin <= 1.7.7 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32089
11 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Digital Publications by Supsystic.This issue affects Digital Publications by Supsystic: from n/a through 1.7.7. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Supsystic Digital Publications by Supsystic. Este problema afecta las publicaciones digitales de Supsystic: desde n/a hasta 1.7.7. The WordPress Flipbook by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.7. This is... • https://patchstack.com/database/vulnerability/digital-publications-by-supsystic/wordpress-digital-publications-by-supsystic-plugin-1-7-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31293 – WordPress Easy Digital Downloads plugin <= 3.2.6 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31293
05 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.6. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Easy Digital Downloads. Este problema afecta a Easy Digital Downloads: desde n/a hasta 3.2.6. The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.6. This is due to missing or incorrect nonce validation on a function. • https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40005 – WordPress Easy Digital Downloads plugin <= 3.1.5 - Broken Access Control
https://notcve.org/view.php?id=CVE-2023-40005
26 Dec 2023 — Missing Authorization vulnerability in Easy Digital Downloads Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Digital Downloads: from n/a through 3.1.5. The Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.1.5. This makes it possible for unauthenticated attacke... • https://patchstack.com/database/wordpress/plugin/easy-digital-downloads/vulnerability/wordpress-easy-digital-downloads-plugin-3-1-5-broken-access-control?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3653 – Stored XSS in Digital Ant E-Commerce Software
https://notcve.org/view.php?id=CVE-2023-3653
08 Aug 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Stored XSS.This issue affects E-Commerce Software: before 11. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ("Cross-Site Scripting") en Digital Ant E-Commerce Software permite la existencia de Cross-Site Scripting (XSS) almacenado. Este problema afecta a las versiones de E-Commerce Software antes de la v11. • https://https://www.usom.gov.tr/bildirim/tr-23-0443 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3652 – Reflected XSS in Digital Ant E-Commerce Software
https://notcve.org/view.php?id=CVE-2023-3652
08 Aug 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Reflected XSS.This issue affects E-Commerce Software: before 11. • https://https://www.usom.gov.tr/bildirim/tr-23-0443 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3651 – SQLi in Digital Ant E-Commerce Software
https://notcve.org/view.php?id=CVE-2023-3651
08 Aug 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Ant E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: before 11. • https://https://www.usom.gov.tr/bildirim/tr-23-0443 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25984 – WordPress Dovetail Plugin <= 1.2.13 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-25984
13 Jul 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rigorous & Factory Pattern Dovetail plugin <= 1.2.13 versions. Vulnerabilidad de Cross-Site Scripting (XSS) almacenado con necesidad de autenticación (permisos de administrador o superior) en el plugin Rigorous & Factory Pattern Dovetail en versiones anteriores, e incluyendo, la 1.2.13. The Dovetail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.13 due to insuffic... • https://patchstack.com/database/vulnerability/dovetail/wordpress-dovetail-plugin-1-2-13-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •