Easy Digital Downloads
Syed Balkhi
Developer
3.6.3
Latest version
40,000
Installations
No date
Last updated
Vulnerability history
0 present
33 fixed
6 Mitigation rules
- Unvalidated Redirect in Password Reset Flow via edd_redirect vulnerability<= 3.6.2Dec 30, 2025
- Insufficient Verification to Order Manipulation vulnerability<= 3.5.2Nov 6, 2025
- Cross-Site Request Forgery to Plugin Deactivation via edd_sendwp_disconnect and edd_sendwp_remote_install Functions vulnerability<= 3.5.0Aug 19, 2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via edd_receipt Shortcode vulnerability<= 3.3.8.1May 28, 2025
- Unauthenticated Private Post Title Disclosure vulnerability<= 3.3.6.1Mar 24, 2025
- Authenticated (Admin+) Stored Cross-Site Scripting via Title vulnerability<= 3.3.2Jan 20, 2025
- Authenticated (Admin+) Arbitrary File Download vulnerability<= 3.3.2Dec 23, 2024
- Improper Authorization to Paywall Bypass vulnerability3.1-3.3.4Dec 16, 2024
- Authenticated (Admin+) PHAR Deserialization vulnerability<= 3.3.3Sep 24, 2024
- Authenticated (Admin+) Stored Cross-Site Scripting via Agreement Text vulnerability<= 3.3.2Aug 12, 2024
- Broken Access Control vulnerability<= 3.2.12Aug 7, 2024
- SQL Injection vulnerability<= 3.2.12Aug 1, 2024
- Sensitive Data Exposure vulnerability<= 3.2.11May 9, 2024
- Cross Site Request Forgery (CSRF) vulnerability<= 3.2.11May 9, 2024
- Cross Site Request Forgery (CSRF) vulnerability<= 3.2.6Apr 5, 2024
- Sensitive Information Exposure vulnerability<= 3.2.9Apr 4, 2024
- Authenticated(Shop Manager+) Stored Cross-Site Scripting via variable pricing options vulnerability<= 3.2.6Feb 5, 2024
- Cross Site Scripting (XSS) vulnerability<= 3.2.5Dec 27, 2023
- Broken Access Control<= 3.1.5Dec 26, 2023
- Cross-Site Request Forgery Leading To Plugin Upgrade Vulnerability<= 3.1.1.4.2Jun 8, 2023
- Unauthenticated Privilege Escalation Vulnerability3.1-3.1.1.4.1May 1, 2023
- Contributor+ Stored XSS Vulnerability< 3.1.0.5Jan 31, 2023
- Unauthenticated SQL Injection Vulnerability<= 3.1.0.3Jan 14, 2023
- Unauth. CSV Injection vulnerability<= 3.1.0.1.1Oct 28, 2022
- Arbitrary Post Deletion via Cross-Site Request Forgery (CSRF) vulnerability<= 2.11.7Oct 17, 2022
- PHP Object Injection vulnerability<= 3.0.1Aug 10, 2022
- Stored Cross-Site Scripting (XSS) vulnerability<= 2.11.5Mar 28, 2022
- Arbitrary Payment Note Insertion via Cross-Site Request Forgery (CSRF) vulnerability<= 2.11.5Mar 28, 2022
- Authenticated Reflected Cross-Site Scripting (XSS) vulnerability<= 2.11.2Oct 21, 2021
- Cross-Site Request Forgery (CSRF) vulnerability<= 2.10.2Apr 16, 2021
- Stored Cross-Site Scripting (XSS) vulnerability<= 2.9.15Jun 16, 2019
- Information Disclosure Vulnerability<= 2.7.11Mar 31, 2017
- PHP Object Injection<= 2.5.7Mar 2, 2016