Description
WordPress Plugin Easy Digital Downloads-Simple eCommerce for Selling Digital Files is prone to multiple security bypass vulnerabilities. Exploiting these issues may allow attackers to perform otherwise restricted actions and subsequently update prices on arbitrary items, display a list of all banned emails, change tax rates or mark arbitrary orders as paid without actually being paid. WordPress Plugin Easy Digital Downloads-Simple eCommerce for Selling Digital Files version 2.1.10 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.2 or latest
References
Related Vulnerabilities
Grafana Missing Authorization Vulnerability (CVE-2023-2183)
WordPress Plugin BuddyBoss Wall Cross-Site Scripting (1.1.7)
WordPress 3.4.1 Multiple Vulnerabilities (2.0 - 3.4.1)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-5487)
PostgreSQL Uncontrolled Search Path Element Vulnerability (CVE-2020-14349)