First published: Tue Feb 21 2023(Updated: )
The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Sandhillsdev Easy Digital Downloads | <3.1.0.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2023-0380.
The severity level of CVE-2023-0380 is medium.
The Easy Digital Downloads WordPress plugin before version 3.1.0.5 is affected by CVE-2023-0380.
CVE-2023-0380 could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Updating to version 3.1.0.5 or higher of the Easy Digital Downloads WordPress plugin will fix CVE-2023-0380.