Easy Digital Downloads < 2.11.6 - Arbitrary Payment Note Insertion via CSRF
CVE-2022-0707
4.3MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 18 April 2022
What is CVE-2022-0707?
The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when inserting payment notes, which could allow attackers to make a logged admin insert arbitrary notes via a CSRF attack
Affected Version(s)
Easy Digital Downloads – Simple eCommerce for Selling Digital Files 2.11.6