The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-11-07T00:00:00

Updated: 2024-08-03T00:39:06.976Z

Reserved: 2022-07-12T00:00:00

Link: CVE-2022-2387

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-11-07T10:15:11.413

Modified: 2024-11-21T07:00:53.380

Link: CVE-2022-2387

cve-icon Redhat

No data.