Update the WordPress Easy Digital Downloads plugin to the latest available version (at least 3.0).
Krzysztof ZajÄ…c discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress Easy Digital Downloads Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. For example a password change which will then allow the malicious actor to login into the admin account. This vulnerability has been fixed in version 3.0.
Contributor+ Stored XSS Vulnerability
31.01.2023
Unauthenticated SQL Injection Vulnerability
14.01.2023
Unauth. CSV Injection vulnerability
28.10.2022
PHP Object Injection vulnerability
10.08.2022
Stored CrossSite Scripting (XSS) vulnerability
28.03.2022