Page 4 of 51 results (0.003 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

The Easy Digital Downloads WordPress plugin before 2.11.6 does not sanitise and escape the Downloadable File Name in the Logs, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltered_html capability is disallowed El plugin Easy Digital Downloads de WordPress versiones anteriores a 2.11.6 no sanea ni escapa del nombre del archivo descargable en los registros, lo que podría permitir a usuarios con altos privilegios llevar a cabo ataques de tipo Cross-Site Scripting cuando la capacidad unfiltered_html no está permitida • https://plugins.trac.wordpress.org/changeset/2697388 https://wpscan.com/vulnerability/598d5c1b-7930-46a6-9a31-5e08a5f14907 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

The Easy Digital Downloads WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $start_date and $end_date parameters found in the ~/includes/admin/payments/class-payments-table.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.11.2. El plugin Easy Digital Downloads de WordPress es vulnerable a un ataque de tipo Cross-Site Scripting Reflejado por medio de los parámetros $start_date y $end_date encontrados en el archivo ~/includes/admin/payments/class-payments-table.php que permite a atacantes inyectar scripts web arbitrarios, en versiones hasta la 2.11.2 incluyéndola • https://github.com/BigTiger2020/word-press/blob/main/Easy%20Digital%20Downloads.md https://plugins.trac.wordpress.org/changeset/2616149/easy-digital-downloads/trunk/includes/admin/payments/class-payments-table.php https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39354 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0

The Easy Digital Downloads (EDD) Commissions extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. La extensión Commissions de Easy Digital Downloads (EDD) para WordPress, como es usada con EDD versiones 1.8.x anteriores a 1.8.7, versiones 1.9.x anteriores a 1.9.10, versiones 2.0.x anteriores a 2.0.5, versiones 2.1.x anteriores a 2.1.11, versiones 2.2.x anteriores a 2.2.9, y versiones 2.3.x anteriores a 2.3.7, presenta una vulnerabilidad de tipo XSS porque el parámetro add_query_arg es usado inapropiadamente. • https://web.archive.org/web/20160921003517/https://easydigitaldownloads.com/blog/security-fix-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection. El plugin easy-digital-downloads versiones anteriores a 2.3.3 para WordPress, presenta una inyección SQL. The Easy Digital Downloads – Simple Ecommerce for Selling Digital Files WordPress plugin was affected by a SQL Injection security vulnerability. Versions up to, and including, 2.3.2 were affected. • https://wordpress.org/plugins/easy-digital-downloads/#developers https://wpvulndb.com/vulnerabilities/9770 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address logging. El plugin easy-digital-downloads versiones anteriores a 2.9.16 para WordPress, presenta una vulnerabilidad de tipo XSS relacionada con el registro de direcciones IP. • https://wordpress.org/plugins/easy-digital-downloads/#developers https://wpvulndb.com/vulnerabilities/9334 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •