cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-2302,https://securityvulnerability.io/vulnerability/CVE-2024-2302,Unauthenticated Attackers Can Access Private Information via Directory Listing,"The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to download the debug log via Directory Listing. This file may include PII.",Wordpress,Easy Digital Downloads – Sell Digital Files & Subscriptions (ecommerce Store + Payments Made Easy),5.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-04-09T18:58:30.328Z,0
CVE-2024-0659,https://securityvulnerability.io/vulnerability/CVE-2024-0659,Stored Cross-Site Scripting Vulnerability in Easy Digital Downloads Plugin by WordPress,"The Easy Digital Downloads plugin for WordPress, specifically versions up to and including 3.2.6, is susceptible to a Stored Cross-Site Scripting vulnerability. This flaw arises from inadequate input sanitization and insufficient output escaping in the variable pricing option title. Authenticated attackers with shop manager-level access could exploit this vulnerability to inject arbitrary web scripts into pages. When users access these compromised pages, the injected scripts would execute in their browsers, potentially leading to unauthorized access and data leakage.",Wordpress,Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy),4.8,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-02-05T21:21:35.898Z,0
CVE-2022-2387,https://securityvulnerability.io/vulnerability/CVE-2022-2387,Easy Digital Downloads < 3.0 - Arbitrary Post Deletion via CSRF,"The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack",Wordpress,Easy Digital Downloads – Simple Ecommerce For Selling Digital Files,4.3,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2022-11-07T00:00:00.000Z,0
CVE-2022-0707,https://securityvulnerability.io/vulnerability/CVE-2022-0707,Easy Digital Downloads < 2.11.6 - Arbitrary Payment Note Insertion via CSRF,"The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when inserting payment notes, which could allow attackers to make a logged admin insert arbitrary notes via a CSRF attack",Wordpress,Easy Digital Downloads – Simple Ecommerce For Selling Digital Files,4.3,MEDIUM,0.0006900000153109431,false,,false,false,false,,,false,false,,2022-04-18T17:10:31.000Z,0
CVE-2022-0706,https://securityvulnerability.io/vulnerability/CVE-2022-0706,Easy Digital Downloads < 2.11.6 - Admin+ Stored Cross-Site Scripting,"The Easy Digital Downloads WordPress plugin before 2.11.6 does not sanitise and escape the Downloadable File Name in the Logs, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltered_html capability is disallowed",Wordpress,Easy Digital Downloads – Simple Ecommerce For Selling Digital Files,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-04-18T17:10:29.000Z,0