Vulnerabilities related to Easy Digital Downloads - Easy Digital Downloads
cve-2023-40005
Vulnerability from cvelistv5
Published
2024-12-13 14:24
Modified
2024-12-13 19:05
Summary
Missing Authorization vulnerability in Easy Digital Downloads Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Digital Downloads: from n/a through 3.1.5.
References
Impacted products
Vendor | Product | Version
---|---|---
Easy Digital Downloads | Easy Digital Downloads | Version: n/a <
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-40005", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-13T19:05:26.095458Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-13T19:05:42.103Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://wordpress.org/plugins", defaultStatus: "unaffected", packageName: "easy-digital-downloads", product: "Easy Digital Downloads", vendor: "Easy Digital Downloads", versions: [ { changes: [ { at: "3.2.0", status: "unaffected", }, ], lessThanOrEqual: "3.1.5", status: "affected", version: "n/a", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Nguyen Anh Tien (Patchstack Alliance)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Missing Authorization vulnerability in Easy Digital Downloads Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels.</p><p>This issue affects Easy Digital Downloads: from n/a through 3.1.5.</p>", }, ], value: "Missing Authorization vulnerability in Easy Digital Downloads Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Digital Downloads: from n/a through 3.1.5.", }, ], impacts: [ { capecId: "CAPEC-180", descriptions: [ { lang: "en", value: "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", 
vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862 Missing Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-13T14:24:04.354Z", orgId: "21595511-bba5-4825-b968-b78d1f9984a3", shortName: "Patchstack", }, references: [ { tags: [ "vdb-entry", ], url: "https://patchstack.com/database/wordpress/plugin/easy-digital-downloads/vulnerability/wordpress-easy-digital-downloads-plugin-3-1-5-broken-access-control?_s_id=cve", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Update the WordPress Easy Digital Downloads plugin to the latest available version (at least 3.2.0).", }, ], value: "Update the WordPress Easy Digital Downloads plugin to the latest available version (at least 3.2.0).", }, ], source: { discovery: "EXTERNAL", }, title: "WordPress Easy Digital Downloads plugin <= 3.1.5 - Broken Access Control", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "21595511-bba5-4825-b968-b78d1f9984a3", assignerShortName: "Patchstack", cveId: "CVE-2023-40005", datePublished: "2024-12-13T14:24:04.354Z", dateReserved: "2023-08-08T12:15:26.376Z", dateUpdated: "2024-12-13T19:05:42.103Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-31113
Vulnerability from cvelistv5
Published
2024-05-10 08:34
Modified
2024-08-02 01:46
Summary
Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads. This issue affects Easy Digital Downloads: from n/a through 3.2.11.
References
Impacted products
Vendor | Product | Version
---|---|---
Easy Digital Downloads | Easy Digital Downloads | Version: n/a <
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-31113", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-14T18:19:50.536458Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:36:23.612Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:46:04.404Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vdb-entry", "x_transferred", ], url: "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://wordpress.org/plugins", defaultStatus: "unaffected", packageName: "easy-digital-downloads", product: "Easy Digital Downloads", vendor: "Easy Digital Downloads", versions: [ { changes: [ { at: "3.2.12", status: "unaffected", }, ], lessThanOrEqual: "3.2.11", status: "affected", version: "n/a", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Dhabaleshwar Das (Patchstack Alliance)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.<p>This issue affects Easy Digital Downloads: from n/a through 3.2.11.</p>", }, ], value: "Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.11.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", 
privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-10T08:34:08.674Z", orgId: "21595511-bba5-4825-b968-b78d1f9984a3", shortName: "Patchstack", }, references: [ { tags: [ "vdb-entry", ], url: "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Update to 3.2.12 or a higher version.", }, ], value: "Update to 3.2.12 or a higher version.", }, ], source: { discovery: "EXTERNAL", }, title: "WordPress Easy Digital Downloads plugin <= 3.2.11 - Cross Site Request Forgery (CSRF) vulnerability", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "21595511-bba5-4825-b968-b78d1f9984a3", assignerShortName: "Patchstack", cveId: "CVE-2024-31113", datePublished: "2024-05-10T08:34:08.674Z", dateReserved: "2024-03-28T06:58:01.377Z", dateUpdated: "2024-08-02T01:46:04.404Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5057
Vulnerability from cvelistv5
Published
2024-08-29 14:04
Modified
2024-08-29 14:27
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection. This issue affects Easy Digital Downloads: from n/a through 3.2.12.
References
Impacted products
Vendor | Product | Version
---|---|---
Easy Digital Downloads | Easy Digital Downloads | Version: n/a <
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:easydigitaldownloads:easy_digital_downloads:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "easy_digital_downloads", vendor: "easydigitaldownloads", versions: [ { lessThanOrEqual: "3.2.12", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-5057", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-29T14:27:03.676302Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-29T14:27:46.777Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://wordpress.org/plugins", defaultStatus: "unaffected", packageName: "easy-digital-downloads", product: "Easy Digital Downloads", vendor: "Easy Digital Downloads", versions: [ { changes: [ { at: "3.3.1", status: "unaffected", }, ], lessThanOrEqual: "3.2.12", status: "affected", version: "n/a", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "justakazh (Patchstack Alliance)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection.<p>This issue affects Easy Digital Downloads: from n/a through 3.2.12.</p>", }, ], value: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12.", }, ], impacts: [ { capecId: "CAPEC-66", descriptions: [ { lang: "en", value: "CAPEC-66 SQL Injection", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: 
"NETWORK", availabilityImpact: "LOW", baseScore: 9.3, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-29T14:04:35.019Z", orgId: "21595511-bba5-4825-b968-b78d1f9984a3", shortName: "Patchstack", }, references: [ { tags: [ "vdb-entry", ], url: "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-12-sql-injection-vulnerability?_s_id=cve", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Update to 3.3.1 or a higher version.", }, ], value: "Update to 3.3.1 or a higher version.", }, ], source: { discovery: "EXTERNAL", }, title: "WordPress Easy Digital Downloads plugin <= 3.2.12 - SQL Injection vulnerability", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "21595511-bba5-4825-b968-b78d1f9984a3", assignerShortName: "Patchstack", cveId: "CVE-2024-5057", datePublished: "2024-08-29T14:04:35.019Z", dateReserved: "2024-05-17T10:11:19.916Z", dateUpdated: "2024-08-29T14:27:46.777Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-39354
Vulnerability from cvelistv5
Published
2021-10-21 19:38
Modified
2025-03-31 17:57
Summary
The Easy Digital Downloads WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $start_date and $end_date parameters found in the ~/includes/admin/payments/class-payments-table.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.11.2.
References
Impacted products
Vendor | Product | Version
---|---|---
Easy Digital Downloads | Easy Digital Downloads | Version: 2.11.2 <
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T02:06:42.139Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39354", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://plugins.trac.wordpress.org/changeset/2616149/easy-digital-downloads/trunk/includes/admin/payments/class-payments-table.php", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/BigTiger2020/word-press/blob/main/Easy%20Digital%20Downloads.md", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-39354", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-31T17:57:34.532627Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-31T17:57:42.708Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Easy Digital Downloads", vendor: "Easy Digital Downloads", versions: [ { lessThanOrEqual: "2.11.2", status: "affected", version: "2.11.2", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Thinkland Security Team", }, ], datePublic: "2021-10-21T00:00:00.000Z", descriptions: [ { lang: "en", value: "The Easy Digital Downloads WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $start_date and $end_date parameters found in the ~/includes/admin/payments/class-payments-table.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.11.2.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", 
scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross-site Scripting (XSS)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-21T19:38:58.000Z", orgId: "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", shortName: "Wordfence", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39354", }, { tags: [ "x_refsource_MISC", ], url: "https://plugins.trac.wordpress.org/changeset/2616149/easy-digital-downloads/trunk/includes/admin/payments/class-payments-table.php", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/BigTiger2020/word-press/blob/main/Easy%20Digital%20Downloads.md", }, ], solutions: [ { lang: "en", value: "Update to version 2.11.2.1 or newer.", }, ], source: { discovery: "UNKNOWN", }, title: "Easy Digital Downloads <= 2.11.2 Authenticated Reflected Cross-Site Scripting", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { AKA: "Wordfence", ASSIGNER: "security@wordfence.com", DATE_PUBLIC: "2021-10-21T16:05:00.000Z", ID: "CVE-2021-39354", STATE: "PUBLIC", TITLE: "Easy Digital Downloads <= 2.11.2 Authenticated Reflected Cross-Site Scripting", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Easy Digital Downloads", version: { version_data: [ { version_affected: "<=", version_name: "2.11.2", version_value: "2.11.2", }, ], }, }, ], }, vendor_name: "Easy Digital Downloads", }, ], }, }, credit: [ { lang: "eng", value: "Thinkland Security Team", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Easy Digital Downloads WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $start_date and $end_date parameters found in the 
~/includes/admin/payments/class-payments-table.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.11.2.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79 Cross-site Scripting (XSS)", }, ], }, ], }, references: { reference_data: [ { name: "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39354", refsource: "MISC", url: "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39354", }, { name: "https://plugins.trac.wordpress.org/changeset/2616149/easy-digital-downloads/trunk/includes/admin/payments/class-payments-table.php", refsource: "MISC", url: "https://plugins.trac.wordpress.org/changeset/2616149/easy-digital-downloads/trunk/includes/admin/payments/class-payments-table.php", }, { name: "https://github.com/BigTiger2020/word-press/blob/main/Easy%20Digital%20Downloads.md", refsource: "MISC", url: "https://github.com/BigTiger2020/word-press/blob/main/Easy%20Digital%20Downloads.md", }, ], }, solution: [ { lang: "en", value: "Update to version 2.11.2.1 or newer.", }, ], source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", assignerShortName: "Wordfence", cveId: "CVE-2021-39354", datePublished: "2021-10-21T19:38:58.093Z", dateReserved: "2021-08-20T00:00:00.000Z", dateUpdated: "2025-03-31T17:57:42.708Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-43162
Vulnerability from cvelistv5
Published
2024-11-01 14:17
Modified
2024-11-01 19:38
Summary
Missing Authorization vulnerability in Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Digital Downloads: from n/a through 3.2.12.
References
Impacted products
Vendor | Product | Version
---|---|---
Easy Digital Downloads | Easy Digital Downloads | Version: n/a <
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-43162", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-01T19:28:25.626587Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-01T19:38:43.170Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://wordpress.org/plugins", defaultStatus: "unaffected", packageName: "easy-digital-downloads", product: "Easy Digital Downloads", vendor: "Easy Digital Downloads", versions: [ { changes: [ { at: "3.3.1", status: "unaffected", }, ], lessThanOrEqual: "3.2.12", status: "affected", version: "n/a", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "justakazh (Patchstack Alliance)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Missing Authorization vulnerability in Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Easy Digital Downloads: from n/a through 3.2.12.</p>", }, ], value: "Missing Authorization vulnerability in Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Digital Downloads: from n/a through 3.2.12.", }, ], impacts: [ { capecId: "CAPEC-180", descriptions: [ { lang: "en", value: "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { 
lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862 Missing Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-01T14:17:42.296Z", orgId: "21595511-bba5-4825-b968-b78d1f9984a3", shortName: "Patchstack", }, references: [ { tags: [ "vdb-entry", ], url: "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-12-broken-access-control-vulnerability?_s_id=cve", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Update to 3.3.1 or a higher version.", }, ], value: "Update to 3.3.1 or a higher version.", }, ], source: { discovery: "EXTERNAL", }, title: "WordPress Easy Digital Downloads plugin <= 3.2.12 - Broken Access Control vulnerability", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "21595511-bba5-4825-b968-b78d1f9984a3", assignerShortName: "Patchstack", cveId: "CVE-2024-43162", datePublished: "2024-11-01T14:17:42.296Z", dateReserved: "2024-08-07T09:19:37.567Z", dateUpdated: "2024-11-01T19:38:43.170Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-31293
Vulnerability from cvelistv5
Published
2024-04-12 12:34
Modified
2024-08-02 01:46
Summary
Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads. This issue affects Easy Digital Downloads: from n/a through 3.2.6.
References
Impacted products
Vendor | Product | Version
---|---|---
Easy Digital Downloads | Easy Digital Downloads | Version: n/a <
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-31293", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-31T14:32:21.442128Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:36:10.298Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:46:04.997Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vdb-entry", "x_transferred", ], url: "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://wordpress.org/plugins", defaultStatus: "unaffected", packageName: "easy-digital-downloads", product: "Easy Digital Downloads", vendor: "Easy Digital Downloads", versions: [ { changes: [ { at: "3.2.7", status: "unaffected", }, ], lessThanOrEqual: "3.2.6", status: "affected", version: "n/a", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Dhabaleshwar Das (Patchstack Alliance)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.<p>This issue affects Easy Digital Downloads: from n/a through 3.2.6.</p>", }, ], value: "Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.6.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", 
privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-12T12:34:09.294Z", orgId: "21595511-bba5-4825-b968-b78d1f9984a3", shortName: "Patchstack", }, references: [ { tags: [ "vdb-entry", ], url: "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Update to 3.2.7 or a higher version.", }, ], value: "Update to 3.2.7 or a higher version.", }, ], source: { discovery: "EXTERNAL", }, title: "WordPress Easy Digital Downloads plugin <= 3.2.6 - Cross Site Request Forgery (CSRF) vulnerability", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "21595511-bba5-4825-b968-b78d1f9984a3", assignerShortName: "Patchstack", cveId: "CVE-2024-31293", datePublished: "2024-04-12T12:34:09.294Z", dateReserved: "2024-03-29T17:22:51.686Z", dateUpdated: "2024-08-02T01:46:04.997Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-33900
Vulnerability from cvelistv5
Published
2022-08-22 14:48
Modified
2025-02-20 20:13
Summary
PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress.
References
Impacted products
Vendor | Product | Version
---|---|---
Easy Digital Downloads | Easy Digital Downloads | Version: <= 3.0.1 <
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T08:09:22.686Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-0-1-php-object-injection-vulnerability", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wordpress.org/plugins/easy-digital-downloads/#developers", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-33900", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-20T19:27:14.030496Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-20T20:13:03.946Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Easy Digital Downloads", vendor: "Easy Digital Downloads", versions: [ { lessThanOrEqual: "3.0.1", status: "affected", version: "<= 3.0.1", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Vulnerability discovered by Robert Rowley (Patchstack)", }, ], datePublic: "2022-08-10T00:00:00.000Z", descriptions: [ { lang: "en", value: "PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { 
descriptions: [ { description: "PHP Object Injection", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-22T14:48:37.000Z", orgId: "21595511-bba5-4825-b968-b78d1f9984a3", shortName: "Patchstack", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-0-1-php-object-injection-vulnerability", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wordpress.org/plugins/easy-digital-downloads/#developers", }, ], solutions: [ { lang: "en", value: "Update to 3.0.2 or higher version.", }, ], source: { discovery: "EXTERNAL", }, title: "WordPress Easy Digital Downloads plugin <= 3.0.1 - PHP Object Injection vulnerability", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "audit@patchstack.com", DATE_PUBLIC: "2022-08-10T11:40:00.000Z", ID: "CVE-2022-33900", STATE: "PUBLIC", TITLE: "WordPress Easy Digital Downloads plugin <= 3.0.1 - PHP Object Injection vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Easy Digital Downloads", version: { version_data: [ { version_affected: "<=", version_name: "<= 3.0.1", version_value: "3.0.1", }, ], }, }, ], }, vendor_name: "Easy Digital Downloads", }, ], }, }, credit: [ { lang: "eng", value: "Vulnerability discovered by Robert Rowley (Patchstack)", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: 
"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "PHP Object Injection", }, ], }, ], }, references: { reference_data: [ { name: "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-0-1-php-object-injection-vulnerability", refsource: "CONFIRM", url: "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-0-1-php-object-injection-vulnerability", }, { name: "https://wordpress.org/plugins/easy-digital-downloads/#developers", refsource: "CONFIRM", url: "https://wordpress.org/plugins/easy-digital-downloads/#developers", }, ], }, solution: [ { lang: "en", value: "Update to 3.0.2 or higher version.", }, ], source: { discovery: "EXTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "21595511-bba5-4825-b968-b78d1f9984a3", assignerShortName: "Patchstack", cveId: "CVE-2022-33900", datePublished: "2022-08-22T14:48:37.139Z", dateReserved: "2022-06-30T00:00:00.000Z", dateUpdated: "2025-02-20T20:13:03.946Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-30869
Vulnerability from cvelistv5
Published
2023-05-02 09:46
Modified
2025-01-08 22:08
Summary
Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1.
References
Impacted products
Vendor | Product | Version
---|---|---
Easy Digital Downloads | Easy Digital Downloads | Version: 3.1 <
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:37:15.507Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vdb-entry", "x_transferred", ], url: "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-1-1-4-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve", }, { tags: [ "related", "x_transferred", ], url: "https://patchstack.com/articles/critical-easy-digital-downloads-vulnerability?_s_id=cve", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-30869", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-08T21:47:09.769436Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-08T22:08:16.581Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://wordpress.org/plugins", defaultStatus: "unaffected", packageName: "easy-digital-downloads", product: "Easy Digital Downloads", vendor: "Easy Digital Downloads", versions: [ { changes: [ { at: "3.1.1.4.2", status: "unaffected", }, ], lessThanOrEqual: "3.1.1.4.1", status: "affected", version: "3.1", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Tien Nguyen Anh (Patchstack Alliance)", }, ], datePublic: "2023-05-02T09:29:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. 
<span style=\"background-color: var(--wht);\">This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1.</span>", }, ], value: "Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1.", }, ], impacts: [ { capecId: "CAPEC-233", descriptions: [ { lang: "en", value: "CAPEC-233 Privilege Escalation", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-287", description: "CWE-287 Improper Authentication", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-03T05:05:58.271Z", orgId: "21595511-bba5-4825-b968-b78d1f9984a3", shortName: "Patchstack", }, references: [ { tags: [ "vdb-entry", ], url: "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-1-1-4-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve", }, { tags: [ "related", ], url: "https://patchstack.com/articles/critical-easy-digital-downloads-vulnerability?_s_id=cve", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Update to 3.1.1.4.2 or a higher version.", }, ], value: "Update to 3.1.1.4.2 or a higher version.", }, ], source: { discovery: "EXTERNAL", }, title: "WordPress Easy Digital Downloads Plugin 3.1-3.1.1.4.1 is vulnerable to Privilege Escalation", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "21595511-bba5-4825-b968-b78d1f9984a3", assignerShortName: "Patchstack", 
cveId: "CVE-2023-30869", datePublished: "2023-05-02T09:46:36.439Z", dateReserved: "2023-04-19T12:33:22.775Z", dateUpdated: "2025-01-08T22:08:16.581Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-32100
Vulnerability from cvelistv5
Published
2024-05-13 09:22
Modified
2024-08-02 02:06
Summary
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Easy Digital Downloads. This issue affects Easy Digital Downloads: from n/a through 3.2.11.
References
Impacted products
Vendor | Product | Version
---|---|---
Easy Digital Downloads | Easy Digital Downloads | Version: n/a <
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-32100", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-13T19:53:03.429863Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:51:40.478Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:06:43.786Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vdb-entry", "x_transferred", ], url: "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-11-sensitive-data-exposure-vulnerability?_s_id=cve", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://wordpress.org/plugins", defaultStatus: "unaffected", packageName: "easy-digital-downloads", product: "Easy Digital Downloads", vendor: "Easy Digital Downloads", versions: [ { changes: [ { at: "3.2.12", status: "unaffected", }, ], lessThanOrEqual: "3.2.11", status: "affected", version: "n/a", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Dhabaleshwar Das (Patchstack Alliance)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Easy Digital Downloads.<p>This issue affects Easy Digital Downloads: from n/a through 3.2.11.</p>", }, ], value: "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.11.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", 
confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-13T09:22:40.482Z", orgId: "21595511-bba5-4825-b968-b78d1f9984a3", shortName: "Patchstack", }, references: [ { tags: [ "vdb-entry", ], url: "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-11-sensitive-data-exposure-vulnerability?_s_id=cve", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Update to 3.2.12 or a higher version.", }, ], value: "Update to 3.2.12 or a higher version.", }, ], source: { discovery: "EXTERNAL", }, title: "WordPress Easy Digital Downloads plugin <= 3.2.11 - Sensitive Data Exposure vulnerability", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "21595511-bba5-4825-b968-b78d1f9984a3", assignerShortName: "Patchstack", cveId: "CVE-2024-32100", datePublished: "2024-05-13T09:22:40.482Z", dateReserved: "2024-04-10T19:19:02.648Z", dateUpdated: "2024-08-02T02:06:43.786Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }