Sandhillsdev

sandhillsdev

5 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Easy Digital Downloads

easy_digital_downloads

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-32100 1Sandhillsdev 1Easy Digital Downloads Jun 17, 2026 May 14, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.11.
CVE-2024-31113 1Sandhillsdev 1Easy Digital Downloads Jun 17, 2026 May 14, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.11.
CVE-2024-31293 1Sandhillsdev 1Easy Digital Downloads Jun 17, 2026 Apr 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.6.
CVE-2023-0380 1Sandhillsdev 1Easy Digital Downloads Jun 17, 2026 Feb 21, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the cont...Show more The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.Show less
CVE-2023-23489 1Sandhillsdev 1Easy Digital Downloads Jun 17, 2026 Jan 20, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action.