CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0380 – Easy Digital Downloads < 3.1.0.5 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-0380
The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The Easy Digital Downloads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page • https://wpscan.com/vulnerability/3256e090-1131-459d-ade5-f052cd5d189f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 10%CPEs: 1EXPL: 1CVE-2023-23489 – Easy Digital Downloads < 3.1.0.4 - SQL Injection
https://notcve.org/view.php?id=CVE-2023-23489
The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action. The Easy Digital Downloads plugin for WordPress is vulnerable to SQL Injection in versions before 3.1.0.4 via the 's' parameter used in the 'edd_download_search' AJAX action. This allows unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://www.tenable.com/security/research/tra-2023-2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2387 – Easy Digital Downloads < 3.0 - Arbitrary Post Deletion via CSRF
https://notcve.org/view.php?id=CVE-2022-2387
The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack El complemento de WordPress Easy Digital Downloads anterior a 3.0 no cuenta con verificación CSRF al eliminar el historial de pagos y no garantiza que la publicación que se eliminará sea en realidad un historial de pagos. Como resultado, los atacantes podrían hacer que un administrador que haya iniciado sesión elimine una publicación arbitraria mediante un ataque CSRF. The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.11.7 . This is due to missing or incorrect nonce validation when deleting payment history. • https://wpscan.com/vulnerability/db3c3c78-1724-4791-9ab6-ebb2e8a4c8b8 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3600 – Easy Digital Downloads < 3.1.0.2 - Unauthenticated CSV Injection
https://notcve.org/view.php?id=CVE-2022-3600
The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output in a CSV file, which could lead to CSV injection. El complemento de WordPress Easy Digital Downloads anterior a 3.1.0.2 no valida los datos cuando se generan en un archivo CSV, lo que podría provocar una inyección de CSV. The Easy Digital Downloads plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 3.1.0.1.1. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. • https://wpscan.com/vulnerability/16e2d970-19d0-42d1-8fb1-e7cb14ace1d0 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33900 – WordPress Easy Digital Downloads plugin <= 3.0.1 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2022-33900
PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress. Una vulnerabilidad de inyección de objetos en PHP en el plugin Easy Digital Downloads versiones anteriores a 3.0.1 incluyéndola, en WordPress. The Easy Digital Downloads plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.1 via deserialization of untrusted input. This allows unauthenticated attackers to inject a PHP Object. • https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-0-1-php-object-injection-vulnerability https://wordpress.org/plugins/easy-digital-downloads/#developers • CWE-502: Deserialization of Untrusted Data •