cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-13517,https://securityvulnerability.io/vulnerability/CVE-2024-13517,Stored Cross-Site Scripting Vulnerability in Easy Digital Downloads by WordPress,"The Easy Digital Downloads plugin for WordPress is exploitable through a stored cross-site scripting vulnerability affecting all versions up to and including 3.3.2. This issue arises from inadequate input sanitization and output escaping, allowing authenticated attackers with administrator rights to inject malicious scripts into page titles. These scripts execute when users interact with compromised pages, posing significant risks, especially in multi-site installations and environments with unfiltered_html disabled.",Wordpress,Easy Digital Downloads – Ecommerce Payments And Subscriptions Made Easy,4.4,MEDIUM,0.00044999999227002263,false,,false,false,false,false,false,false,2025-01-18T07:05:09.175Z,0
CVE-2024-12875,https://securityvulnerability.io/vulnerability/CVE-2024-12875,Directory Traversal Vulnerability in Easy Digital Downloads Plugin for WordPress,"CVE-2024-12875 is a directory traversal vulnerability found in the Easy Digital Downloads – eCommerce Payments and Subscriptions plugin for WordPress. This vulnerability affects all versions up to and including 3.3.2 and can be exploited by authenticated attackers with Administrator-level access and above. By leveraging this flaw, attackers can read arbitrary files on the server, potentially exposing sensitive information. Proper server configuration and timely updates are essential to mitigate the risk posed by this vulnerability.",Wordpress,Easy Digital Downloads – Ecommerce Payments And Subscriptions Made Easy,4.9,MEDIUM,0.0004900000058114529,false,,false,false,false,,false,false,2024-12-21T11:22:44.638Z,0
CVE-2024-9654,https://securityvulnerability.io/vulnerability/CVE-2024-9654,Unauthorized Information Exposure in Easy Digital Downloads Plugin for WordPress,"CVE-2024-9654 is a critical vulnerability in the Easy Digital Downloads plugin for WordPress, affecting versions 3.1 to 3.3.4. This issue stems from improper authorization checks in the 'verify_guest_email' function, which fails to ensure that a requesting user is the rightful recipient of a purchase receipt. Consequently, this flaw allows unauthenticated attackers to bypass security protocols and gain access to the purchase receipts of other users. These receipts can potentially expose download links for paid content, requiring only the attacker's knowledge of another user's email address and the specific file ID. Website owners using this plugin should prioritize applying security updates to mitigate this risk.",Wordpress,Easy Digital Downloads – Ecommerce Payments And Subscriptions Made Easy,3.7,LOW,0.0004600000102072954,false,,false,false,false,,false,false,2024-12-17T11:10:18.973Z,0
CVE-2022-2439,https://securityvulnerability.io/vulnerability/CVE-2022-2439,Plugin Vulnerability Could Allow Authenticated Users to Perform Malicious Actions,"The Easy Digital Downloads plugin for WordPress is exposed to a deserialization vulnerability through the 'upload[file]' parameter. This vulnerability affects versions up to and including 3.3.3, allowing authenticated administrative users to exploit the system by using a PHAR wrapper to deserialize and invoke arbitrary PHP Objects. Such actions can lead to various malicious activities, contingent upon the presence of a suitable PHP Object Pollution (POP) chain. This significant weakness underscores the need for immediate updates and security best practices to mitigate potential misuse.",Wordpress,Easy Digital Downloads – Ecommerce Payments And Subscriptions Made Easy,7.2,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-09-24T03:06:38.891Z,0
CVE-2024-6691,https://securityvulnerability.io/vulnerability/CVE-2024-6691,Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Currency Settings,"The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the currency value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",Wordpress,Easy Digital Downloads – Ecommerce Payments And Subscriptions Made Easy,4.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-08-12T13:38:00.000Z,0
CVE-2024-6692,https://securityvulnerability.io/vulnerability/CVE-2024-6692,Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Agreement Text,"The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Agreement Text value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",Wordpress,Easy Digital Downloads – Ecommerce Payments And Subscriptions Made Easy,3.3,LOW,0.00044999999227002263,false,,false,false,false,,false,false,2024-08-12T13:38:00.000Z,0
CVE-2024-2302,https://securityvulnerability.io/vulnerability/CVE-2024-2302,Unauthenticated Attackers Can Access Private Information via Directory Listing,"The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to download the debug log via Directory Listing. This file may include PII.",Wordpress,Easy Digital Downloads – Sell Digital Files & Subscriptions (ecommerce Store + Payments Made Easy),5.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-09T18:58:30.328Z,0