Stored Cross-Site Scripting Vulnerability in Easy Digital Downloads Plugin by WordPress
CVE-2024-0659
4.8MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 5 February 2024
What is CVE-2024-0659?
The Easy Digital Downloads plugin for WordPress, specifically versions up to and including 3.2.6, is susceptible to a Stored Cross-Site Scripting vulnerability. This flaw arises from inadequate input sanitization and insufficient output escaping in the variable pricing option title. Authenticated attackers with shop manager-level access could exploit this vulnerability to inject arbitrary web scripts into pages. When users access these compromised pages, the injected scripts would execute in their browsers, potentially leading to unauthorized access and data leakage.
Affected Version(s)
Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) * <= 3.2.6