First published: Mon Apr 18 2022
The Easy Digital Downloads WordPress plugin before 2.11.6 does not have a CSRF check in place when inserting payment notes, which could allow attackers to make a logged-in admin insert arbitrary notes via a CSRF attack.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sandhillsdev Easy Digital Downloads | < 2.11.6 | |
The vulnerability ID of this issue is CVE-2022-0707.
The severity of CVE-2022-0707 is medium with a CVSS score of 4.3.
The affected software is the Easy Digital Downloads WordPress plugin in versions before 2.11.6.
This vulnerability allows attackers to make a logged-in admin insert arbitrary notes via a CSRF attack.
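To illustrate the class of defect described above, the following is an added example (not code from Easy Digital Downloads or WPScan) of a WordPress admin-ajax handler that inserts a payment note, shown first without any CSRF check and then with the nonce and capability checks WordPress provides. All function, hook and meta-key names prefixed `example_` are hypothetical.

```php
<?php
// Added illustration, not plugin code. A note-insertion handler reachable via
// admin-ajax.php; handler, hook and meta-key names are hypothetical.

// Vulnerable pattern: the login cookie is the only gate, so a request forged
// by another site and sent by a logged-in admin's browser is accepted.
function example_insert_payment_note_unsafe() {
    $payment_id = absint( $_POST['payment_id'] ?? 0 );
    $note       = sanitize_textarea_field( wp_unslash( $_POST['note'] ?? '' ) );
    add_post_meta( $payment_id, '_example_payment_note', $note );
    wp_send_json_success();
}

// Hardened pattern: require a nonce bound to this action, then check rights.
function example_insert_payment_note_safe() {
    // Ends the request with HTTP 403 when the nonce is missing, stale or forged.
    check_ajax_referer( 'example_insert_payment_note', 'nonce' );

    // A nonce proves the request came from our own page; it does not prove
    // the user is allowed to act, so authorisation is checked separately.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    $payment_id = absint( $_POST['payment_id'] ?? 0 );
    $note       = sanitize_textarea_field( wp_unslash( $_POST['note'] ?? '' ) );
    if ( 0 === $payment_id || '' === $note ) {
        wp_send_json_error( 'invalid input', 400 );
    }
    add_post_meta( $payment_id, '_example_payment_note', $note );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_insert_payment_note', 'example_insert_payment_note_safe' );

// The legitimate admin page hands the nonce to its own script, which sends it
// as the `nonce` POST field; a third-party origin cannot read or guess it.
function example_localize_nonce() {
    wp_localize_script( 'example-notes', 'exampleNotes', array(
        'nonce' => wp_create_nonce( 'example_insert_payment_note' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_localize_nonce' );
```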
References for this vulnerability: [Reference 1](https://plugins.trac.wordpress.org/changeset/2697388), [Reference 2](https://wpscan.com/vulnerability/50680797-61e4-4737-898f-e5b394d89117).