WordPress Easy Digital Downloads Plugin 3.1-3.1.1.4.1 is vulnerable to Privilege Escalation
CVE-2023-30869

9.8 CRITICAL

Key Information:

Vendor
WordPress
CVE Published:
2 May 2023

Summary

An improper authentication vulnerability exists in the Easy Digital Downloads plugin, allowing unauthorized users to escalate privileges without proper authentication. This flaw impacts versions 3.1 through 3.1.1.4.1, potentially enabling attackers to gain elevated access and control. Users are advised to update their plugins promptly to mitigate this risk.

Affected Version(s)

Easy Digital Downloads 3.1 <= 3.1.1.4.1

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tien Nguyen Anh (Patchstack Alliance)