
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy — Vulnerabilities & Security Advisories 13

All 13 CVE vulnerabilities found in Easy Digital Downloads – eCommerce Payments and Subscriptions made easy, with AI-generated Chinese analysis, references, and POCs.

This page catalogs security weaknesses associated with Easy Digital Downloads, a popular WordPress plugin categorized under eCommerce Payments and Subscriptions software. It aggregates data on various vulnerability types, including cross-site scripting, unauthorized access, and insecure direct object references, covering incidents reported from early 2015 through the present day. Visitors can use this resource to track a vendor's security advisories over time, gain a deeper understanding of specific weakness classes affecting the codebase, and look up a product's vulnerability history to assess its overall security posture. The information is compiled from public repositories, including CVE listings and vendor notifications, providing a consolidated view of known issues without redundancy. By examining these records, security professionals and site administrators can better understand the nature of past exploits and identify potential gaps in current configurations. The page serves as a neutral reference point, focusing strictly on factual data rather than subjective analysis or promotional content. Users interested in the historical context of security flaws within this specific plugin will find a chronological and categorically organized listing of all documented incidents. This approach facilitates efficient risk assessment and helps stakeholders make informed decisions regarding updates and mitigation strategies for their digital commerce platforms.

Vendor: smub

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-14783 | Easy Digital Downloads <= 3.6.2 - Unvalidated Redirect in Password Reset Flow via edd_redirect | CWE-640 | 4.3 | Medium | 2025-12-31 |
| CVE-2025-11271 | Easy Digital Download <= 3.5.2 - Insufficient Verification to Order Manipulation | CWE-807 | 5.3 | Medium | 2025-11-06 |
| CVE-2025-8102 | Easy Digital Downloads <= 3.5.0 - Cross-Site Request Forgery to Plugin Deactivation via edd_sendwp_disconnect and edd_sendwp_remote_install Functions | CWE-352 | 5.4 | Medium | 2025-08-20 |
| CVE-2025-4670 | Easy Digital Downloads <= 3.3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via edd_receipt Shortcode | CWE-79 | 6.4 | Medium | 2025-05-29 |
| CVE-2025-2252 | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy <= 3.3.6.1 - Unauthenticated Private Post Title Disclosure | CWE-200 | 5.3 | Medium | 2025-03-25 |
| CVE-2024-13517 | Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Title | CWE-79 | 4.4 | Medium | 2025-01-18 |
| CVE-2024-12875 | Easy Digital Downloads <= 3.3.2 - Authenticated (Admin+) Arbitrary File Download | CWE-73 | 4.9 | Medium | 2024-12-21 |
| CVE-2024-9654 | Easy Digital Downloads 3.1 - 3.3.4 - Improper Authorization to Paywall Bypass | CWE-863 | 3.7 | Low | 2024-12-17 |
| CVE-2022-2439 | Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 3.3.3 - Authenticated (Admin+) PHAR Deserialization | CWE-502 | 7.2 | High | 2024-09-24 |
| CVE-2024-6692 | Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Agreement Text | CWE-79 | 3.3 | Low | 2024-08-10 |
| CVE-2024-6691 | Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Currency Settings | CWE-79 | 4.4 | Medium | 2024-08-10 |
| CVE-2024-2302 | Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.2.9 - Sensitive Information Exposure | CWE-532 | 5.3 | Medium | 2024-04-09 |
| CVE-2024-0659 | Easy Digital Downloads <= 3.2.6 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via variable pricing options | CWE-79 | 5.5 | Medium | 2024-02-05 |

All 13 known CVE vulnerabilities affecting Easy Digital Downloads – eCommerce Payments and Subscriptions made easy with full Chinese analysis, references, and POCs where available.