WordPress Plugin Vulnerabilities

Easy Digital Downloads < 3.2.0 - Missing Authorization

Description

The plugin is vulnerable to unauthorized access due to a missing capability check on a function, allowing unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
easy-digital-downloads
Fixed in 3.2.0

References

CVE
CVE-2023-40005
URL
https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-1-5-broken-access-control

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Nguyen Anh Tien
Verified
No
WPVDB ID
ee58cffb-57c1-4651-ab2c-23d76766be8e

Timeline

Publicly Published
2023-12-26 (about 4 months ago)
Added
2024-01-05 (about 4 months ago)
Last Updated
2024-01-05 (about 4 months ago)

Other

Published
Title
Published
2023-10-06
Title
Customer Reviews for WooCommerce < 5.36.1 - Missing Authorization in Reviews Exporter
Published
2024-03-26
Title
Colibri Page Builder < 1.0.249 - Missing Authorization
Published
2024-04-29
Title
Social Share Icons & Social Share Buttons < 3.6.3 - Missing Authorization to Notice Dismissal
Published
2022-07-12
Title
Discy < 5.0 - Subscriber+ Broken Access Control to change settings
Published
2023-11-16
Title
wpMandrill <= 1.33 - Missing Authorization via getAjaxStats