CVE Published: 07/11/2022
CVE Updated: 03/08/2024
CVE Year: 2022
Source: WPScan
Vendor: Unknown
Product: Easy Digital Downloads – Simple eCommerce for Selling Digital Files
Status: PUBLISHED
CVE-2022-2387 Description
The Easy Digital Downloads WordPress plugin before 3.0 does not have a CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history entry. As a result, attackers could make a logged-in admin delete an arbitrary post via a CSRF attack.
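The two checks the description says were missing, shown in a hardened delete handler. This is an added example, not code from Easy Digital Downloads or from the advisory; the `example_*` function names, the `example-action` and `payment_id` query parameters, and the use of `edd_payment` as the payment post type are assumptions made for illustration.

```php
<?php
// Added example: hypothetical handler, not the plugin's own code.
// Assumption: payment history records are posts of type 'edd_payment'.

// Build the delete link with a nonce bound to this action and this record.
function example_delete_payment_url( $payment_id ) {
    $payment_id = absint( $payment_id );
    $url        = add_query_arg(
        array(
            'example-action' => 'delete_payment',
            'payment_id'     => $payment_id,
        ),
        admin_url( 'edit.php' )
    );
    return wp_nonce_url( $url, 'example_delete_payment_' . $payment_id );
}

function example_handle_delete_payment() {
    if ( ! isset( $_GET['example-action'], $_GET['payment_id'] )
        || 'delete_payment' !== $_GET['example-action'] ) {
        return; // Not our request.
    }
    $payment_id = absint( $_GET['payment_id'] );

    // Check 1 (CSRF): the request must carry the nonce issued with the link.
    // check_admin_referer() ends the request if the nonce is missing or invalid.
    check_admin_referer( 'example_delete_payment_' . $payment_id );

    // Check 2 (object type): only payment records may be deleted here, so the
    // handler cannot be pointed at a page, post or other content ID.
    if ( 'edd_payment' !== get_post_type( $payment_id ) ) {
        wp_die( 'Not a payment record.', '', array( 'response' => 400 ) );
    }

    // Defense in depth: the current user must be allowed to delete this post.
    if ( ! current_user_can( 'delete_post', $payment_id ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    wp_delete_post( $payment_id, true );
    wp_safe_redirect(
        remove_query_arg( array( 'example-action', 'payment_id', '_wpnonce' ) )
    );
    exit;
}
add_action( 'admin_init', 'example_handle_delete_payment' );
```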