Filtered by vendor Awesomemotive
Subscribe
Total
58 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-4670 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-08-12 | N/A | 5.4 MEDIUM |
| The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edd_receipt shortcode in all versions up to, and including, 3.3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-2252 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-08-08 | N/A | 5.3 MEDIUM |
| The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the edd_ajax_get_download_title() function. This makes it possible for unauthenticated attackers to extract private post titles of downloads. The impact here is minimal. | |||||
| CVE-2022-2387 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-05-05 | N/A | 4.3 MEDIUM |
| The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack | |||||
| CVE-2022-3600 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-04-30 | N/A | 9.8 CRITICAL |
| The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output in a CSV file, which could lead to CSV injection. | |||||
| CVE-2022-33900 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-02-20 | N/A | 7.2 HIGH |
| PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress. | |||||
| CVE-2015-9518 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Pdf Invoices | 2025-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Easy Digital Downloads (EDD) PDF Invoices extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | |||||
| CVE-2015-9521 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Pushover Notifications | 2025-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Easy Digital Downloads (EDD) Pushover Notifications extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | |||||
| CVE-2015-9531 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Wish Lists | 2025-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Easy Digital Downloads (EDD) Wish Lists extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | |||||
| CVE-2015-9529 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Stripe | 2025-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Easy Digital Downloads (EDD) Stripe extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | |||||
| CVE-2015-9535 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Shoppette | 2025-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Easy Digital Downloads (EDD) Shoppette theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | |||||
| CVE-2015-9528 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Software Licensing | 2025-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Easy Digital Downloads (EDD) Software Licensing extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | |||||
| CVE-2015-9324 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-02-07 | 7.5 HIGH | 9.8 CRITICAL |
| The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection. | |||||
| CVE-2015-9526 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Reviews | 2025-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Easy Digital Downloads (EDD) Reviews extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | |||||
| CVE-2022-0707 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-02-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when inserting payment notes, which could allow attackers to make a logged admin insert arbitrary notes via a CSRF attack | |||||
| CVE-2015-9516 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Invoices | 2025-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Easy Digital Downloads (EDD) Invoices extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | |||||
| CVE-2015-9532 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Digital Store | 2025-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Easy Digital Downloads (EDD) Digital Store theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | |||||
| CVE-2023-30869 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-02-07 | N/A | 9.8 CRITICAL |
| Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1. | |||||
| CVE-2015-9522 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Qr Code | 2025-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Easy Digital Downloads (EDD) QR Code extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | |||||
| CVE-2015-9511 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Conditional Success Redirects | 2025-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Easy Digital Downloads (EDD) Conditional Success Redirects extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | |||||
| CVE-2015-9515 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Htaccess Editor | 2025-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Easy Digital Downloads (EDD) htaccess Editor extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | |||||