Vulnerabilities > Sandhillsdev > Easy Digital Downloads > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-08-29 CVE-2024-5057 SQL Injection vulnerability in Sandhillsdev Easy Digital Downloads
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12.
network
low complexity
sandhillsdev CWE-89
critical
 9.8
9.8
2023-05-02 CVE-2023-30869 Improper Authentication vulnerability in Sandhillsdev Easy Digital Downloads
Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth.
network
low complexity
sandhillsdev CWE-287
critical
 9.8
9.8
2023-01-20 CVE-2023-23489 SQL Injection vulnerability in Sandhillsdev Easy Digital Downloads
The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action.
network
low complexity
sandhillsdev CWE-89
critical
 9.8
9.8
2022-11-21 CVE-2022-3600 Unspecified vulnerability in Sandhillsdev Easy Digital Downloads
The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output in a CSV file, which could lead to CSV injection.
network
low complexity
sandhillsdev
critical
 9.8
9.8