Vulnerabilities > Sandhillsdev > Easy Digital Downloads > 3.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-05 | CVE-2024-0659 | Cross-site Scripting vulnerability in Sandhillsdev Easy Digital Downloads The Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the variable pricing option title in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. | 4.8 |
| 2024-02-01 | CVE-2023-51684 | Cross-site Scripting vulnerability in Sandhillsdev Easy Digital Downloads Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Easy Digital Downloads Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) allows Stored XSS.This issue affects Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy): from n/a through 3.2.5. | 5.4 |
| 2023-05-02 | CVE-2023-30869 | Improper Authentication vulnerability in Sandhillsdev Easy Digital Downloads Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. | 9.8 |
| 2023-02-21 | CVE-2023-0380 | Unspecified vulnerability in Sandhillsdev Easy Digital Downloads The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
| 2023-01-20 | CVE-2023-23489 | SQL Injection vulnerability in Sandhillsdev Easy Digital Downloads The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action. | 9.8 |
| 2022-11-21 | CVE-2022-3600 | Unspecified vulnerability in Sandhillsdev Easy Digital Downloads The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output in a CSV file, which could lead to CSV injection. | 9.8 |