Shodan
Vulnerabilities
Vulnerable Software
Awesomemotive:  >> Easy Digital Downloads  >> 1.0.4.1  Security Vulnerabilities
CVE-2023-51684
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Easy Digital Downloads Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) allows Stored XSS.This issue affects Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy): from n/a through 3.2.5.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-02-01
CVE-2022-3600
The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output in a CSV file, which could lead to CSV injection.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-11-21
CVE-2022-2387
The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack
CVSS Score
4.3
EPSS Score
0.001
Published
2022-11-07
CVE-2022-33900
PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress.
CVSS Score
4.1
EPSS Score
0.001
Published
2022-08-22
CVE-2022-0706
The Easy Digital Downloads WordPress plugin before 2.11.6 does not sanitise and escape the Downloadable File Name in the Logs, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltered_html capability is disallowed
CVSS Score
4.8
EPSS Score
0.002
Published
2022-04-18
CVE-2022-0707
The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when inserting payment notes, which could allow attackers to make a logged admin insert arbitrary notes via a CSRF attack
CVSS Score
4.3
EPSS Score
0.001
Published
2022-04-18
CVE-2021-39354
The Easy Digital Downloads WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $start_date and $end_date parameters found in the ~/includes/admin/payments/class-payments-table.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.11.2.
CVSS Score
4.8
EPSS Score
0.003
Published
2021-10-21
CVE-2019-15116
The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address logging.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-16
CVE-2015-9324
The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection.
CVSS Score
9.8
EPSS Score
0.007
Published
2019-08-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved