CVE-2022-2387: Easy Digital Downloads < 3.0 - Arbitrary Post Deletion via CSRF

Vendor: Unknown
Product: Easy Digital Downloads – Simple eCommerce for Selling Digital Files
Weakness: CWE-352 · CSRF
Published: November 7, 2022
Last update: May 5, 2025

What the vulnerability does

01 Description

The Easy Digital Downloads WordPress plugin before 3.0 does not have a CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged-in admin delete arbitrary posts via a CSRF attack.

Key dates

02 Disclosure timeline

November 7, 2022: CVE published
May 5, 2025: Record updated

Related vulnerabilities

04 Related CVE