Description

WordPress Plugin Easy Digital Downloads-Simple eCommerce for Selling Digital Files is prone to multiple security bypass vulnerabilities. Exploiting these issues may allow attackers to perform otherwise restricted actions and subsequently update prices on arbitrary items, display a list of all banned emails, change tax rates or mark arbitrary orders as paid without actually being paid. WordPress Plugin Easy Digital Downloads-Simple eCommerce for Selling Digital Files version 2.1.10 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.2 or latest

References

http://www.pritect.net/blog/easy-digital-downloads-2-1-vulnerabilities

Related Vulnerabilities

WordPress Plugin NewStatPress Multiple Vulnerabilities (1.0.4)

WordPress Plugin Web Forms for Vtiger wordpress Lead capture and Contacts Sync Unspecified Vulnerability (1.0.0)

WordPress Plugin YITH WooCommerce Questions and Answers Security Bypass (1.1.9)

WordPress Plugin Hellodialog Unspecified Vulnerability (1.0.2)

WordPress Plugin Simple Sitemap-Create a Responsive HTML Sitemap Unspecified Vulnerability (1.53)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update Authentication Bypass