Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy)

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy)

Information

Software Type Plugin
Software Slug easy-digital-downloads (view on wordpress.org)
Software Status Active
Software Author smub
Software Website easydigitaldownloads.com
Software Downloads 4,589,737
Software Active Installs 50,000
Software Record Last Updated October 1, 2023

19 vulnerabilities

Easy Digital Downloads <= 3.1.1.4.2 - Cross-Site Request Forgery via edd_trigger_upgrades
4.3
CVE ID Unknown
Jun 7, 2023
Researchers:
Easy Digital Downloads 3.1 - 3.1.1.4.1 - Unauthenticated Arbitrary Password Reset to Privilege Escalation
9.8
CVE-2023-30869
May 2, 2023
Researcher: Nguyen Anh Tien
Easy Digital Downloads <= 3.1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2023-0380
Jan 30, 2023
Researcher: Lana Codes
Easy Digital Downloads < 3.1.0.4 - SQL Injection
9.8
CVE-2023-23489
Jan 12, 2023
Researcher: Joshua Martinelle
Easy Digital Downloads <= 2.11.7 - Cross-Site Request Forgery to Arbitrary Post Deletion
8.8
CVE-2022-2387
Oct 17, 2022
Researcher: Krzysztof Zając
Easy Digital Downloads <= 3.1.0.1.1 - Unauthenticated CSV Injection
8.8
CVE-2022-3600
Sep 28, 2022
Researcher: Francesco Carlucci
Easy Digital Downloads <= 3.0.1 - PHP Object Injection
9.8
CVE-2022-33900
Aug 10, 2022
Researcher: Robert Rowley
Easy Digital Downloads <= 2.11.5 - Cross-Site Request Forgery
8.8
CVE-2022-0707
Apr 9, 2022
Researcher: Muhamad Hidayat
Easy Digital Downloads <= 2.11.5 - Admin+ Cross-Site Scripting
5.5
CVE-2022-0706
Mar 28, 2022
Researcher: Muhamad Hidayat
Easy Digital Downloads <= 2.11.2 - Reflected Cross-Site Scripting
4.8
CVE-2021-39354
Oct 21, 2021
Researcher: Thinkland Security Team
Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 2.11.2 - Reflected Cross-Site Scripting
5.4
CVE ID Unknown
Oct 19, 2021
Researcher: Thinkland Security Team
Easy Digital Downloads <= 2.10.3 - Reflected Cross-Site Scripting
6.1
CVE ID Unknown
May 4, 2021
Researchers:
Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 2.10.2 - Cross-Site Request Forgery
4.3
CVE ID Unknown
Apr 16, 2021
Researcher: WPScanTeam
Easy Digital Downloads <= 2.10.2 - Cross-Site Request Forgery
4.3
CVE ID Unknown
Apr 14, 2021
Researchers:
Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 2.3.2 - SQL Injection
9.8
CVE-2015-9324
Sep 22, 2020
Researchers:
Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 2.9.15 - Stored Cross-Site Scripting
6.1
CVE-2019-15116
Jun 12, 2019
Researchers:
Easy Digital Downloads <= 2.5.7 - PHP Object Injection
9.8
CVE ID Unknown
Mar 2, 2016
Researcher: Danny van Kooten
Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 2.3.6 - Cross-Site Scripting
6.1
CVE-2015-9505
Apr 20, 2015
Researchers:
Easy Digital Downloads (Various Versions) - Cross-Site Scripting
6.1
CVE-2015-9512
Apr 20, 2015
Researchers:
Title CVE ID CVSS Researchers Date
Easy Digital Downloads <= 3.1.1.4.2 - Cross-Site Request Forgery via edd_trigger_upgrades 4.3 June 7, 2023
Easy Digital Downloads 3.1 - 3.1.1.4.1 - Unauthenticated Arbitrary Password Reset to Privilege Escalation CVE-2023-30869 9.8 Nguyen Anh Tien May 2, 2023
Easy Digital Downloads <= 3.1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-0380 6.4 Lana Codes January 30, 2023
Easy Digital Downloads < 3.1.0.4 - SQL Injection CVE-2023-23489 9.8 Joshua Martinelle January 12, 2023
Easy Digital Downloads <= 2.11.7 - Cross-Site Request Forgery to Arbitrary Post Deletion CVE-2022-2387 8.8 Krzysztof Zając October 17, 2022
Easy Digital Downloads <= 3.1.0.1.1 - Unauthenticated CSV Injection CVE-2022-3600 8.8 Francesco Carlucci September 28, 2022
Easy Digital Downloads <= 3.0.1 - PHP Object Injection CVE-2022-33900 9.8 Robert Rowley August 10, 2022
Easy Digital Downloads <= 2.11.5 - Cross-Site Request Forgery CVE-2022-0707 8.8 Muhamad Hidayat April 9, 2022
Easy Digital Downloads <= 2.11.5 - Admin+ Cross-Site Scripting CVE-2022-0706 5.5 Muhamad Hidayat March 28, 2022
Easy Digital Downloads <= 2.11.2 - Reflected Cross-Site Scripting CVE-2021-39354 4.8 Thinkland Security Team October 21, 2021
Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 2.11.2 - Reflected Cross-Site Scripting 5.4 Thinkland Security Team October 19, 2021
Easy Digital Downloads <= 2.10.3 - Reflected Cross-Site Scripting 6.1 May 4, 2021
Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 2.10.2 - Cross-Site Request Forgery 4.3 WPScanTeam April 16, 2021
Easy Digital Downloads <= 2.10.2 - Cross-Site Request Forgery 4.3 April 14, 2021
Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 2.3.2 - SQL Injection CVE-2015-9324 9.8 September 22, 2020
Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 2.9.15 - Stored Cross-Site Scripting CVE-2019-15116 6.1 June 12, 2019
Easy Digital Downloads <= 2.5.7 - PHP Object Injection 9.8 Danny van Kooten March 2, 2016
Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 2.3.6 - Cross-Site Scripting CVE-2015-9505 6.1 April 20, 2015
Easy Digital Downloads (Various Versions) - Cross-Site Scripting CVE-2015-9512 6.1 April 20, 2015

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation