Vulnerabilities > Awesomemotive > Easy Digital Downloads > 3.3.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-18 | CVE-2024-13517 | Cross-site Scripting vulnerability in Awesomemotive Easy Digital Downloads The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. | 4.0 |
| 2024-12-21 | CVE-2024-12875 | Path Traversal vulnerability in Awesomemotive Easy Digital Downloads The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.2 via the file download functionality. | 4.9 |
| 2024-12-17 | CVE-2024-9654 | Incorrect Authorization vulnerability in Awesomemotive Easy Digital Downloads The Easy Digital Downloads plugin for WordPress is vulnerable to Improper Authorization in versions 3.1 through 3.3.4. | 3.7 |
| 2024-09-24 | CVE-2022-2439 | Deserialization of Untrusted Data vulnerability in Awesomemotive Easy Digital Downloads The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is vulnerable to deserialization of untrusted input via the 'upload[file]' parameter in versions up to, and including 3.3.3. | 7.2 |
| 2024-08-12 | CVE-2024-6691 | Cross-site Scripting vulnerability in Awesomemotive Easy Digital Downloads The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the currency value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. | 4.0 |
| 2024-08-12 | CVE-2024-6692 | Cross-site Scripting vulnerability in Awesomemotive Easy Digital Downloads The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Agreement Text value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. | 3.1 |