Easy Digital Downloads
Syed Balkhi
Developer
3.6.6.1
Latest version
40,000
Installations
No date
Last updated
Vulnerability history
0 present
34 patched
6 Mitigation rules
- Authenticated (Admin+) Stored Cross-Site Scripting via Currency Settings vulnerability<= 3.3.202/02/2026
- Unvalidated Redirect in Password Reset Flow via edd_redirect vulnerability<= 3.6.230/12/2025
- Insufficient Verification to Order Manipulation vulnerability<= 3.5.206/11/2025
- Cross-Site Request Forgery to Plugin Deactivation via edd_sendwp_disconnect and edd_sendwp_remote_install Functions vulnerability<= 3.5.019/08/2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via edd_receipt Shortcode vulnerability<= 3.3.8.128/05/2025
- Unauthenticated Private Post Title Disclosure vulnerability<= 3.3.6.124/03/2025
- Authenticated (Admin+) Stored Cross-Site Scripting via Title vulnerability<= 3.3.220/01/2025
- Authenticated (Admin+) Arbitrary File Download vulnerability<= 3.3.223/12/2024
- Improper Authorization to Paywall Bypass vulnerability3.1-3.3.416/12/2024
- Authenticated (Admin+) PHAR Deserialization vulnerability<= 3.3.324/09/2024
- Authenticated (Admin+) Stored Cross-Site Scripting via Agreement Text vulnerability<= 3.3.212/08/2024
- Broken Access Control vulnerability<= 3.2.1207/08/2024
- SQL Injection vulnerability<= 3.2.1201/08/2024
- Sensitive Data Exposure vulnerability<= 3.2.1109/05/2024
- Cross Site Request Forgery (CSRF) vulnerability<= 3.2.1109/05/2024
- Cross Site Request Forgery (CSRF) vulnerability<= 3.2.605/04/2024
- Sensitive Information Exposure vulnerability<= 3.2.904/04/2024
- Authenticated(Shop Manager+) Stored Cross-Site Scripting via variable pricing options vulnerability<= 3.2.605/02/2024
- Cross Site Scripting (XSS) vulnerability<= 3.2.527/12/2023
- Broken Access Control<= 3.1.526/12/2023
- Cross-Site Request Forgery Leading To Plugin Upgrade Vulnerability<= 3.1.1.4.208/06/2023
- Unauthenticated Privilege Escalation Vulnerability3.1-3.1.1.4.101/05/2023
- Contributor+ Stored XSS Vulnerability< 3.1.0.531/01/2023
- Unauthenticated SQL Injection Vulnerability<= 3.1.0.314/01/2023
- Unauth. CSV Injection vulnerability<= 3.1.0.1.128/10/2022
- Arbitrary Post Deletion via Cross-Site Request Forgery (CSRF) vulnerability<= 2.11.717/10/2022
- PHP Object Injection vulnerability<= 3.0.110/08/2022
- Stored Cross-Site Scripting (XSS) vulnerability<= 2.11.528/03/2022
- Arbitrary Payment Note Insertion via Cross-Site Request Forgery (CSRF) vulnerability<= 2.11.528/03/2022
- Authenticated Reflected Cross-Site Scripting (XSS) vulnerability<= 2.11.221/10/2021
- Cross-Site Request Forgery (CSRF) vulnerability<= 2.10.216/04/2021
- Stored Cross-Site Scripting (XSS) vulnerability<= 2.9.1516/06/2019
- Information Disclosure Vulnerability<= 2.7.1131/03/2017
- PHP Object Injection<= 2.5.702/03/2016