Filtered by vendor Easydigitaldownloads
Subscriptions
Filtered by product Easy Digital Downloads
Subscriptions
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-2439 | 1 Easydigitaldownloads | 1 Easy Digital Downloads | 2024-09-26 | 7.2 High |
The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is vulnerable to deserialization of untrusted input via the 'upload[file]' parameter in versions up to, and including 3.3.3. This makes it possible for authenticated administrative users to call files using a PHAR wrapper, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. | ||||
CVE-2024-5057 | 2 Easydigitaldownloads, Sandhillsdev | 2 Easy Digital Downloads, Easy Digital Downloads | 2024-09-20 | 9.3 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12. |
Page 1 of 1.