CVE-2022-33900: WordPress Easy Digital Downloads plugin <= 3.0.1 - PHP Object Injection vulnerability - Patchstack
PHP Object Injection vulnerability in the Easy Digital Downloads plugin <= 3.0.1 for WordPress.
Verified
Fixed
CVSS 3.1 score: 4.1 (Medium severity)
PSID: ea831109a8b0
Classification: PHP Object Injection
OWASP Top 10: A1: Injection
Required privilege: Requires shop manager (plugin specific custom user role) or higher role user authentication.
Publicly disclosed: 2022-08-10
Details
A PHP Object Injection vulnerability was discovered by Robert Rowley (Patchstack) in the WordPress Easy Digital Downloads plugin (versions <= 3.0.1).
Solution
Update the WordPress Easy Digital Downloads plugin to the latest available version (at least 3.0.2).