Easy Digital Downloads
Approved changes feed: RSS · Atom
cpe:2.3:a:easydigitaldownloads:easy_digital_downloads:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Easydigitaldownloads (22e9386b-5120-514a-8c40-30ff704760f9) |
|---|---|
| Product | Easy Digital Downloads (d3c79128-fe9d-5f33-804e-6045b48966f8) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:easydigitaldownloads/easy-digital-downloads |
purl2cpe | 2026-06-01 10:11:37.560125 |
pkg:github/easydigitaldownloads/easy-digital-downloads |
purl2cpe | 2026-06-01 10:11:37.560128 |
pkg:wordpress/easy-digital-downloads |
purl2cpe | 2026-06-01 10:11:37.560131 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-5057 |
vulnerable | 2026-06-03 14:57:51.628790 |
WordPress Easy Digital Downloads plugin <= 3.2.12 - SQL Injection vulnerability
CRITICAL (9.3)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12.
Published: 2024-08-29T14:04:35.019Z
Updated: 2026-04-28T16:10:32.171Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2302 |
vulnerable | 2026-06-03 14:55:28.931820 |
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.2.9 - Sensitive Information Exposure
MEDIUM (5.3)
The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to download the debug log via Directory Listing. This file may include PII.
Published: 2024-04-09T18:58:30.328Z
Updated: 2026-04-08T16:34:12.462Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-2439 |
vulnerable | 2026-06-03 14:47:06.372979 |
Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 3.3.3 - Authenticated (Admin+) PHAR Deserialization
HIGH (7.2)
The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is vulnerable to deserialization of untrusted input via the 'upload[file]' parameter in versions up to, and including 3.3.3. This makes it possible for authenticated administrative users to call files using a PHAR wrapper, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present.
Published: 2024-09-24T03:06:38.891Z
Updated: 2026-04-08T16:57:31.750Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.