Filtered by vendor Easydigitaldownloads
Subscriptions
Filtered by product Easy Digital Downloads
Subscriptions
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-5057 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Easy Digital Downloads | 2025-02-07 | 9.3 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12. | ||||
CVE-2022-2439 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Easy Digital Downloads | 2025-02-07 | 7.2 High |
The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is vulnerable to deserialization of untrusted input via the 'upload[file]' parameter in versions up to, and including 3.3.3. This makes it possible for authenticated administrative users to call files using a PHAR wrapper, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. |
Page 1 of 1.