CVE-2022-33900 - Vulnerability Details - OpenCVE

PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00746.

Key SSVC decision points have not yet been added.

Vendors	Products
Awesomemotive	Easy Digital Downloads

Configuration 1 [-]

cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-36937	PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress.

Fixes

Solution

Update to 3.0.2 or higher version.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-0-1-php-object-injection-vulnerability
https://wordpress.org/plugins/easy-digital-downloads/#developers

History

Fri, 07 Feb 2025 20:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Awesomemotive Awesomemotive easy Digital Downloads
CPEs	cpe:2.3:a:sandhillsdev:easy_digital_downloads::::::wordpress::*	cpe:2.3:a:awesomemotive:easy_digital_downloads::::::wordpress::*
Vendors & Products	Sandhillsdev Sandhillsdev easy Digital Downloads	Awesomemotive Awesomemotive easy Digital Downloads

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2022-08-22T14:48:37.139Z

Updated: 2025-02-20T20:13:03.946Z

Reserved: 2022-06-30T00:00:00.000Z

Link: CVE-2022-33900

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-08-22T15:15:15.893

Modified: 2025-02-20T21:15:21.680

Link: CVE-2022-33900

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "Easy Digital Downloads", "vendor": "Easy Digital Downloads", "versions": [{"lessThanOrEqual": "3.0.1", "status": "affected", "version": "<= 3.0.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Vulnerability discovered by Robert Rowley (Patchstack)"}], "datePublic": "2022-08-10T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "PHP Object Injection", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-22T14:48:37.000Z", "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-0-1-php-object-injection-vulnerability"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wordpress.org/plugins/easy-digital-downloads/#developers"}], "solutions": [{"lang": "en", "value": "Update to 3.0.2 or higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Easy Digital Downloads plugin <= 3.0.1 - PHP Object Injection vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "audit@patchstack.com", "DATE_PUBLIC": "2022-08-10T11:40:00.000Z", "ID": "CVE-2022-33900", "STATE": "PUBLIC", "TITLE": "WordPress Easy Digital Downloads plugin <= 3.0.1 - PHP Object Injection vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Easy Digital Downloads", "version": {"version_data": [{"version_affected": "<=", "version_name": "<= 3.0.1", "version_value": "3.0.1"}]}}]}, "vendor_name": "Easy Digital Downloads"}]}}, "credit": [{"lang": "eng", "value": "Vulnerability discovered by Robert Rowley (Patchstack)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "PHP Object Injection"}]}]}, "references": {"reference_data": [{"name": "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-0-1-php-object-injection-vulnerability", "refsource": "CONFIRM", "url": "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-0-1-php-object-injection-vulnerability"}, {"name": "https://wordpress.org/plugins/easy-digital-downloads/#developers", "refsource": "CONFIRM", "url": "https://wordpress.org/plugins/easy-digital-downloads/#developers"}]}, "solution": [{"lang": "en", "value": "Update to 3.0.2 or higher version."}], "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T08:09:22.686Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-0-1-php-object-injection-vulnerability"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wordpress.org/plugins/easy-digital-downloads/#developers"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-502", "lang": "en", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-20T19:27:14.030496Z", "id": "CVE-2022-33900", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-20T20:13:03.946Z"}}]}, "cveMetadata": {"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "assignerShortName": "Patchstack", "cveId": "CVE-2022-33900", "datePublished": "2022-08-22T14:48:37.139Z", "dateReserved": "2022-06-30T00:00:00.000Z", "dateUpdated": "2025-02-20T20:13:03.946Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "EBEAC57A-0D0D-4F7B-9876-E342640846E3", "versionEndIncluding": "3.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de objetos en PHP en el plugin Easy Digital Downloads versiones anteriores a 3.0.1 incluy\u00e9ndola, en WordPress."}], "id": "CVE-2022-33900", "lastModified": "2025-02-20T21:15:21.680", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 3.4, "source": "audit@patchstack.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-22T15:15:15.893", "references": [{"source": "audit@patchstack.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-0-1-php-object-injection-vulnerability"}, {"source": "audit@patchstack.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://wordpress.org/plugins/easy-digital-downloads/#developers"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-0-1-php-object-injection-vulnerability"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://wordpress.org/plugins/easy-digital-downloads/#developers"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-502"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}