Vulnerabilities > Awesomemotive > Easy Digital Downloads

DATE CVE VULNERABILITY TITLE RISK
2025-01-18 CVE-2024-13517 Cross-site Scripting vulnerability in Awesomemotive Easy Digital Downloads
The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping.
network
high complexity
awesomemotive CWE-79
4.0
4.0
2024-12-21 CVE-2024-12875 Path Traversal vulnerability in Awesomemotive Easy Digital Downloads
The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.2 via the file download functionality.
network
low complexity
awesomemotive CWE-22
4.9
4.9
2024-12-17 CVE-2024-9654 Incorrect Authorization vulnerability in Awesomemotive Easy Digital Downloads
The Easy Digital Downloads plugin for WordPress is vulnerable to Improper Authorization in versions 3.1 through 3.3.4.
network
high complexity
awesomemotive CWE-863
3.7
3.7
2024-12-13 CVE-2023-40005 Missing Authorization vulnerability in Awesomemotive Easy Digital Downloads
Missing Authorization vulnerability in Easy Digital Downloads Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Digital Downloads: from n/a through 3.1.5.
network
low complexity
awesomemotive CWE-862
critical
 9.8
9.8
2024-11-01 CVE-2024-43162 Missing Authorization vulnerability in Awesomemotive Easy Digital Downloads
Missing Authorization vulnerability in Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Digital Downloads: from n/a through 3.2.12.
network
low complexity
awesomemotive CWE-862
8.8
8.8
2024-09-24 CVE-2022-2439 Deserialization of Untrusted Data vulnerability in Awesomemotive Easy Digital Downloads
The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is vulnerable to deserialization of untrusted input via the 'upload[file]' parameter in versions up to, and including 3.3.3.
network
low complexity
awesomemotive CWE-502
7.2
7.2
2024-08-29 CVE-2024-5057 SQL Injection vulnerability in Awesomemotive Easy Digital Downloads
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12.
network
low complexity
awesomemotive CWE-89
critical
 9.8
9.8
2024-08-12 CVE-2024-6691 Cross-site Scripting vulnerability in Awesomemotive Easy Digital Downloads
The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the currency value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping.
network
high complexity
awesomemotive CWE-79
4.0
4.0
2024-08-12 CVE-2024-6692 Cross-site Scripting vulnerability in Awesomemotive Easy Digital Downloads
The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Agreement Text value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping.
network
high complexity
awesomemotive CWE-79
3.1
3.1
2024-02-05 CVE-2024-0659 Cross-site Scripting vulnerability in Awesomemotive Easy Digital Downloads
The Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the variable pricing option title in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping.
network
low complexity
awesomemotive CWE-79
4.8
4.8