CVE-2023-30869

WordPress Easy Digital Downloads Plugin 3.1-3.1.1.4.1 is vulnerable to Privilege Escalation

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

NVD
Wordfence

Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1.

The Easy Digital Downloads plugin for WordPress is vulnerable to Unauthenticated Arbitrary Password Resets to Privilege Escalation in versions 3.1 to 3.1.1.4.1. This is due to a lack of validation of a password reset key in the edd_validate_password_reset function. This makes it possible for unauthenticated attackers to reset the password of any user on a vulnerable site, including an administrator, if they have the email or username of the targeted account.

*Credits: Tien Nguyen Anh (Patchstack Alliance)

CVSS Scores

NISTv3.1 9.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-04-19 CVE Reserved
2023-05-02 CVE Published
2024-06-03 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-287: Improper Authentication
CWE-620: Unverified Password Change

CAPEC

CAPEC-233: Privilege Escalation

References (2)

URL	Tag	Source
https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-1-1-4-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://patchstack.com/articles/critical-easy-digital-downloads-vulnerability?_s_id=cve	2023-05-09

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sandhillsdev Search vendor "Sandhillsdev"		Easy Digital Downloads Search vendor "Sandhillsdev" for product "Easy Digital Downloads"				>= 3.1 < 3.1.1.4.2 Search vendor "Sandhillsdev" for product "Easy Digital Downloads" and version " >= 3.1 < 3.1.1.4.2"		wordpress		Affected