Easy digital downloads
This hub aggregates every CVE we track for Easy digital downloads, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
62
CVEs tracked
6
Critical
2
High
0
In CISA KEV
Severity distribution
MEDIUM52CRITICAL6LOW2HIGH2
Monthly trend
0
3
1
0
1
3
1
0
1
0
1
0
0
0
0
0
0
0
0
0
0
0
0
1
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Easy digital downloads.
- CVE-2026-39503WordPress Easy Digital Downloads plugin <= 3.6.5 - Broken Access Control vulnerability7.5
- CVE-2025-4670Easy Digital Downloads <= 3.3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via edd_receipt Shortcode6.4
- CVE-2025-2252Easy Digital Downloads – eCommerce Payments and Subscriptions made easy <= 3.3.6.1 - Unauthenticated Private Post Title Disclosure5.3
- CVE-2024-13517Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Title4.4
- CVE-2024-12875Easy Digital Downloads <= 3.3.2 - Authenticated (Admin+) Arbitrary File Download4.9
- CVE-2024-9654Easy Digital Downloads 3.1 - 3.3.4 - Improper Authorization to Paywall Bypass3.7
- CVE-2023-40005WordPress Easy Digital Downloads plugin <= 3.1.5 - Broken Access Control5.3
- CVE-2024-43162WordPress Easy Digital Downloads plugin <= 3.2.12 - Broken Access Control vulnerability4.3
- CVE-2022-2439Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 3.3.3 - Authenticated (Admin+) PHAR Deserialization7.2
- CVE-2024-5057WordPress Easy Digital Downloads plugin <= 3.2.12 - SQL Injection vulnerability9.3
- CVE-2024-6692Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Agreement Text3.3
- CVE-2024-6691Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Currency Settings4.4
- CVE-2024-35629WordPress Easy Digital Downloads – Recent Purchases plugin <= 1.0.2 - Remote File Inclusion vulnerability9.6
- CVE-2024-32100WordPress Easy Digital Downloads plugin <= 3.2.11 - Sensitive Data Exposure vulnerability5.3
- CVE-2024-31113WordPress Easy Digital Downloads plugin <= 3.2.11 - Cross Site Request Forgery (CSRF) vulnerability4.3
Product normalization is registry-driven with AI assist and human review. How it works