Filtered by vendor Easydigitaldownloads Subscriptions
Filtered by product Easy Digital Downloads Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-2439 1 Easydigitaldownloads 1 Easy Digital Downloads 2024-09-26 7.2 High
The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is vulnerable to deserialization of untrusted input via the 'upload[file]' parameter in versions up to, and including 3.3.3. This makes it possible for authenticated administrative users to call files using a PHAR wrapper, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present.
CVE-2024-5057 2 Easydigitaldownloads, Sandhillsdev 2 Easy Digital Downloads, Easy Digital Downloads 2024-09-20 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12.