CVE-2022-0707

Summary

The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when inserting payment notes, which could allow attackers to make a logged admin insert arbitrary notes via a CSRF attack

Affected Software

VendorProductVersion RangeStatus
UnknownEasy Digital Downloads – Simple eCommerce for Selling Digital Files2.11.6 < 2.11.6affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

References