The plugin does not have a CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged-in admin delete arbitrary posts via a CSRF attack.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | easy-digital-downloads | lt | 3.1.0.2 |
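
The two checks the description reports as missing, sketched as an added example for a WordPress admin delete handler (this is not the plugin's own code or its actual fix). The function names, request parameters and nonce action are hypothetical, and `edd_payment` as the post type that holds payment records is an assumption.

```php
<?php
// Added example: hypothetical names throughout, not Easy Digital Downloads code.
const EXAMPLE_PAYMENT_POST_TYPE = 'edd_payment'; // assumption: post type holding payment records

// Build the admin "delete" link with a nonce bound to this one payment ID.
function example_delete_payment_url( $payment_id ) {
    $url = add_query_arg(
        array(
            'example-action' => 'delete_payment',
            'payment_id'     => absint( $payment_id ),
        ),
        admin_url( 'admin.php' )
    );
    return wp_nonce_url( $url, 'example_delete_payment_' . absint( $payment_id ) );
}

add_action( 'admin_init', 'example_handle_delete_payment' );

function example_handle_delete_payment() {
    if ( ! isset( $_GET['example-action'], $_GET['payment_id'] )
        || 'delete_payment' !== $_GET['example-action'] ) {
        return; // not our request
    }
    $payment_id = absint( $_GET['payment_id'] );

    // CSRF check: dies unless _wpnonce is valid for this user, action and ID,
    // so a forged cross-site request without the token never reaches the delete.
    check_admin_referer( 'example_delete_payment_' . $payment_id );

    // Type check: refuse IDs that point at pages, posts or any other post type.
    if ( EXAMPLE_PAYMENT_POST_TYPE !== get_post_type( $payment_id ) ) {
        wp_die( 'Not a payment record.', 'Invalid request', array( 'response' => 400 ) );
    }

    // Authorization: the current user must be allowed to delete this object.
    if ( ! current_user_can( 'delete_post', $payment_id ) ) {
        wp_die( 'You are not allowed to delete this payment.', 'Forbidden', array( 'response' => 403 ) );
    }

    wp_delete_post( $payment_id, true ); // true = bypass the trash
    wp_safe_redirect( wp_get_referer() ?: admin_url() );
    exit;
}
```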