Vulnerabilities > Sandhillsdev > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-29 | CVE-2024-5057 | SQL Injection vulnerability in Sandhillsdev Easy Digital Downloads Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12. | 9.8 |
2023-05-02 | CVE-2023-30869 | Improper Authentication vulnerability in Sandhillsdev Easy Digital Downloads Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. | 9.8 |
2023-01-20 | CVE-2023-23489 | SQL Injection vulnerability in Sandhillsdev Easy Digital Downloads The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action. | 9.8 |
2022-11-21 | CVE-2022-3600 | Unspecified vulnerability in Sandhillsdev Easy Digital Downloads The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output in a CSV file, which could lead to CSV injection. | 9.8 |