Unvalidated Redirect Vulnerability in Easy Digital Downloads Plugin for WordPress
CVE-2025-14783

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Easy Digital Downloads – Ecommerce Payments And Subscriptions Made Easy
Vendor: CVE Published:; 31 December 2025

What is CVE-2025-14783?

The Easy Digital Downloads plugin for WordPress is susceptible to an unvalidated redirect vulnerability present in all versions up to and including 3.6.2. This weakness arises from inadequate validation of the redirect URL provided via the 'edd_redirect' parameter, enabling potential exploitation by unauthenticated attackers. If an attacker successfully deceives a user into taking a specific action, they can redirect them through a password reset email to malicious websites, posing significant security risks.

Affected Version(s)

Easy Digital Downloads – eCommerce Payments and Subscriptions made easy 0 <= 3.6.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/easy-digital-d...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 31, 2025
Vulnerability Reserved
Dec 16, 2025

Credit

Angus Girvan

CVE-2025-14783 Data

JSON