CVE-2022-0707
N/A
N/A
Summary
The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when inserting payment notes, which could allow attackers to make a logged admin insert arbitrary notes via a CSRF attack
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Easy Digital Downloads – Simple eCommerce for Selling Digital Files | 2.11.6 < 2.11.6 | affected |
Weaknesses
- CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)
ADP Enrichment
CVE Program Container
Additional References
- https://plugins.trac.wordpress.org/changeset/2697388
- https://wpscan.com/vulnerability/50680797-61e4-4737-898f-e5b394d89117
References
- https://plugins.trac.wordpress.org/changeset/2697388
- https://wpscan.com/vulnerability/50680797-61e4-4737-898f-e5b394d89117
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.