Update the WordPress Easy Digital Downloads plugin to the latest available version (at least 126.96.36.199).
Joshua Martinelle discovered and reported this SQL Injection vulnerability in WordPress Easy Digital Downloads Plugin. This could allow a malicious actor to directly interact with your database, including but not limited to stealing information. This vulnerability has been fixed in version 188.8.131.52.
Contributor+ Stored XSS Vulnerability
Unauth. CSV Injection vulnerability
Arbitrary Post Deletion via CrossSite Request Forgery (CSRF) vulnerability
PHP Object Injection vulnerability
Stored CrossSite Scripting (XSS) vulnerability
Report to Patchstack Alliance bounty platform and earn monthly cash prizes.Learn more
Report to Patchstack Alliance bounty platform and earn monthly cash prizes.First plugin free