Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Easy_digital_downloads
(Sandhillsdev)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 46 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-04-18 | CVE-2022-0707 | The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when inserting payment notes, which could allow attackers to make a logged admin insert arbitrary notes via a CSRF attack | Easy_digital_downloads | 4.3 | ||
| 2019-08-16 | CVE-2015-9324 | The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection. | Easy_digital_downloads | 9.8 | ||
| 2019-08-16 | CVE-2019-15116 | The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address logging. | Easy_digital_downloads | 6.1 | ||
| 2021-10-21 | CVE-2021-39354 | The Easy Digital Downloads WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $start_date and $end_date parameters found in the ~/includes/admin/payments/class-payments-table.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.11.2. | Easy_digital_downloads | 4.8 | ||
| 2019-10-23 | CVE-2015-9525 | The Easy Digital Downloads (EDD) Recurring Payments extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | Recurring_payments, Easy_digital_downloads | 6.1 | ||
| 2019-10-23 | CVE-2015-9526 | The Easy Digital Downloads (EDD) Reviews extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | Reviews, Easy_digital_downloads | 6.1 | ||
| 2019-10-23 | CVE-2015-9527 | The Easy Digital Downloads (EDD) Simple Shipping extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | Simple_shipping, Easy_digital_downloads | 6.1 | ||
| 2019-10-23 | CVE-2015-9528 | The Easy Digital Downloads (EDD) Software Licensing extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | Software_licensing, Easy_digital_downloads | 6.1 | ||
| 2019-10-23 | CVE-2015-9529 | The Easy Digital Downloads (EDD) Stripe extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | Stripe, Easy_digital_downloads | 6.1 | ||
| 2019-10-23 | CVE-2015-9530 | The Easy Digital Downloads (EDD) Upload File extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | Upload_file, Easy_digital_downloads | 6.1 |