Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Easy_digital_downloads
(Sandhillsdev)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 46 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-02-05 | CVE-2024-0659 | The Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the variable pricing option title in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manger-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | Easy_digital_downloads | 4.8 | ||
| 2024-08-29 | CVE-2024-5057 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12. | Easy_digital_downloads | 9.8 | ||
| 2019-08-16 | CVE-2015-9324 | The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection. | Easy_digital_downloads | 9.8 | ||
| 2019-08-16 | CVE-2019-15116 | The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address logging. | Easy_digital_downloads | 6.1 | ||
| 2019-10-23 | CVE-2015-9525 | The Easy Digital Downloads (EDD) Recurring Payments extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | Recurring_payments, Easy_digital_downloads | 6.1 | ||
| 2019-10-23 | CVE-2015-9526 | The Easy Digital Downloads (EDD) Reviews extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | Reviews, Easy_digital_downloads | 6.1 | ||
| 2019-10-23 | CVE-2015-9527 | The Easy Digital Downloads (EDD) Simple Shipping extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | Simple_shipping, Easy_digital_downloads | 6.1 | ||
| 2019-10-23 | CVE-2015-9528 | The Easy Digital Downloads (EDD) Software Licensing extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | Software_licensing, Easy_digital_downloads | 6.1 | ||
| 2019-10-23 | CVE-2015-9529 | The Easy Digital Downloads (EDD) Stripe extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | Stripe, Easy_digital_downloads | 6.1 | ||
| 2019-10-23 | CVE-2015-9530 | The Easy Digital Downloads (EDD) Upload File extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | Upload_file, Easy_digital_downloads | 6.1 |