Stored Cross-Site Scripting Vulnerability in Easy Digital Downloads by WordPress
CVE-2024-13517

4MEDIUM

Key Information:

Vendor

Wordpress
Status
Easy Digital Downloads – Ecommerce Payments And Subscriptions Made Easy
Vendor
CVE Published:
18 January 2025

What is CVE-2024-13517?

The Easy Digital Downloads plugin for WordPress is exploitable through a stored cross-site scripting vulnerability affecting all versions up to and including 3.3.2. This issue arises from inadequate input sanitization and output escaping, allowing authenticated attackers with administrator rights to inject malicious scripts into page titles. These scripts execute when users interact with compromised pages, posing significant risks, especially in multi-site installations and environments with unfiltered_html disabled.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Easy Digital Downloads – eCommerce Payments and Subscriptions made easy * <= 3.3.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:
4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sajjad Ahmad
JSON
.