CVE-2022-0707
Easy Digital Downloads < 2.11.6 - Arbitrary Payment Note Insertion via CSRF
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when inserting payment notes, which could allow attackers to make a logged admin insert arbitrary notes via a CSRF attack
El plugin Easy Digital Downloads de WordPress versiones anteriores a 2.11.6, no presenta comprobación de tipo CSRF cuando son insertadas notas de pago, lo que podrÃa permitir a atacantes hacer que un administrador registrado inserte notas arbitrarias por medio de un ataque de tipo CSRF
The Easy Digital Downloads WordPress plugin before version 2.11.6 does not have Cross-Site Request Forgery checks in place when inserting payment notes. This could allow attackers to make a logged admin insert arbitrary notes via a Cross-Site Request Forgery attack.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-02-21 CVE Reserved
- 2022-04-09 CVE Published
- 2023-11-09 EPSS Updated
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://wpscan.com/vulnerability/50680797-61e4-4737-898f-e5b394d89117 | 2024-08-02 |
URL | Date | SRC |
---|---|---|
https://plugins.trac.wordpress.org/changeset/2697388 | 2022-04-25 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Sandhillsdev Search vendor "Sandhillsdev" | Easy Digital Downloads Search vendor "Sandhillsdev" for product "Easy Digital Downloads" | < 2.11.6 Search vendor "Sandhillsdev" for product "Easy Digital Downloads" and version " < 2.11.6" | wordpress |
Affected
|