Filtered by vendor Easydigitaldownloads
Subscriptions
Filtered by product Easy Digital Downloads
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-2302 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Easy Digital Downloads | 2026-04-08 | 5.3 Medium |
| The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to download the debug log via Directory Listing. This file may include PII. | ||||
| CVE-2022-2439 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Easy Digital Downloads | 2026-04-08 | 7.2 High |
| The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is vulnerable to deserialization of untrusted input via the 'upload[file]' parameter in versions up to, and including 3.3.3. This makes it possible for authenticated administrative users to call files using a PHAR wrapper, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. | ||||
| CVE-2024-5057 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Easy Digital Downloads | 2025-02-07 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12. | ||||
Page 1 of 1.