CVE-2022-0706

Summary

The Easy Digital Downloads WordPress plugin before 2.11.6 does not sanitise and escape the Downloadable File Name in the Logs, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltered_html capability is disallowed

Affected Software

VendorProductVersion RangeStatus
UnknownEasy Digital Downloads – Simple eCommerce for Selling Digital Files2.11.6 < 2.11.6affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References