RSS   Podatności dla 'Easy digital downloads'   RSS

2022-04-18
 
CVE-2022-0706

CWE-79
 

 
The Easy Digital Downloads WordPress plugin before 2.11.6 does not sanitise and escape the Downloadable File Name in the Logs, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltered_html capability is disallowed

 
 
CVE-2022-0707

CWE-352
 

 
The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when inserting payment notes, which could allow attackers to make a logged admin insert arbitrary notes via a CSRF attack

 
2021-10-21
 
CVE-2021-39354

CWE-79
 

 
The Easy Digital Downloads WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $start_date and $end_date parameters found in the ~/includes/admin/payments/class-payments-table.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.11.2.

 


Copyright 2024, cxsecurity.com

 

Back to Top