Easy Digital Downloads – eCommerce Payments and Subscriptions made easy — Vulnerabilities & Security Advisories (13)

All 13 CVE vulnerabilities found in Easy Digital Downloads – eCommerce Payments and Subscriptions made easy, with AI-generated Chinese analysis, references, and POCs.

Vendor: smub

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-14783 | Easy Digital Downloads <= 3.6.2 - Unvalidated Redirect in Password Reset Flow via edd_redirect | CWE-640 | 4.3 | Medium | 2025-12-31 |
| CVE-2025-11271 | Easy Digital Download <= 3.5.2 - Insufficient Verification to Order Manipulation | CWE-807 | 5.3 | Medium | 2025-11-06 |
| CVE-2025-8102 | Easy Digital Downloads <= 3.5.0 - Cross-Site Request Forgery to Plugin Deactivation via edd_sendwp_disconnect and edd_sendwp_remote_install Functions | CWE-352 | 5.4 | Medium | 2025-08-20 |
| CVE-2025-4670 | Easy Digital Downloads <= 3.3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via edd_receipt Shortcode | CWE-79 | 6.4 | Medium | 2025-05-29 |
| CVE-2025-2252 | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy <= 3.3.6.1 - Unauthenticated Private Post Title Disclosure | CWE-200 | 5.3 | Medium | 2025-03-25 |
| CVE-2024-13517 | Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Title | CWE-79 | 4.4 | Medium | 2025-01-18 |
| CVE-2024-12875 | Easy Digital Downloads <= 3.3.2 - Authenticated (Admin+) Arbitrary File Download | CWE-73 | 4.9 | Medium | 2024-12-21 |
| CVE-2024-9654 | Easy Digital Downloads 3.1 - 3.3.4 - Improper Authorization to Paywall Bypass | CWE-863 | 3.7 | Low | 2024-12-17 |
| CVE-2022-2439 | Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 3.3.3 - Authenticated (Admin+) PHAR Deserialization | CWE-502 | 7.2 | High | 2024-09-24 |
| CVE-2024-6692 | Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Agreement Text | CWE-79 | 3.3 | Low | 2024-08-10 |
| CVE-2024-6691 | Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Currency Settings | CWE-79 | 4.4 | Medium | 2024-08-10 |
| CVE-2024-2302 | Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.2.9 - Sensitive Information Exposure | CWE-532 | 5.3 | Medium | 2024-04-09 |
| CVE-2024-0659 | Easy Digital Downloads <= 3.2.6 - Authenticated(Shop Manager+) Stored Cross-Site Scripting via variable pricing options | CWE-79 | 5.5 | Medium | 2024-02-05 |

All 13 known CVE vulnerabilities affecting Easy Digital Downloads – eCommerce Payments and Subscriptions made easy with full Chinese analysis, references, and POCs where available.