Easy Digital Downloads < 3.0.2 - Admin+ PHP Object Injection

2022-08-1000:00:00

wpscan.com

easy digital downloads

admin

php object injection

user input

unserialising

high privilege

security

0.001 Low

EPSS

Percentile

42.8%

The plugin does not validate user input before unserialising it, which could allow high privilege users to perform PHP Objection injection attacks

CPENameOperatorVersion
easy-digital-downloadslt3.0.2

CPE	Name	Operator	Version
	easy-digital-downloads	lt	3.0.2

0.001 Low

EPSS

Percentile

42.8%

Related for WPVDB-ID:76861F59-BD45-4C27-96BF-3DDF96456059