Stored Cross-Site Scripting Vulnerability in Easy Digital Downloads by WordPress
CVE-2024-13517
4MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 18 January 2025
What is CVE-2024-13517?
The Easy Digital Downloads plugin for WordPress is exploitable through a stored cross-site scripting vulnerability affecting all versions up to and including 3.3.2. This issue arises from inadequate input sanitization and output escaping, allowing authenticated attackers with administrator rights to inject malicious scripts into page titles. These scripts execute when users interact with compromised pages, posing significant risks, especially in multi-site installations and environments with unfiltered_html disabled.
Affected Version(s)
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy * <= 3.3.2