N/A
2026-04-20< 3.6.6
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy <= 3.6.5 - Missing Authorization
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
Minimum safe version
3.6.6
Update to 3.6.6 or later to address 75 fixable vulnerabilities
Latest available3.6.7 ✓Affected up to3.3.4 ⚠
Medium 4.3
2025-12-31< 3.6.3
CVE-2025-14783
Medium 5.3
2025-11-06< 3.5.3
CVE-2025-11271
Medium 5.4
2025-08-20< 3.5.1
Easy Digital Downloads <= 3.5.0 - Cross-Site Request Forgery to Plugin Deactivation via edd_sendwp_disconnect and edd_sendwp_remote_install Functions
Medium 6.4
2025-05-29< 3.3.9
Easy Digital Downloads <= 3.3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via edd_receipt Shortcode
Medium 5.3
2025-03-25< 3.3.7
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy <= 3.3.6.1 - Unauthenticated Private Post Title Disclosure
Medium 4.4
2025-01-18< 3.3.3
CVE-2024-13517
Medium 4.9
2024-12-21< 3.3.3
CVE-2024-12875
Low 3.7
2024-12-16≥ 3.1 and ≤ 3.3.4
Easy Digital Downloads 3.1 - 3.3.4 - Improper Authorization to Paywall Bypass
High 7.2
2024-09-24< 3.3.4
CVE-2022-2439
High 8.8
2024-11-01< 3.3.1
CVE-2024-43162
Low 3.1
2024-08-12< 3.3.3
WordPress Easy Digital Downloads Plugin <= 3.3.2 is vulnerable to Cross Site Scripting (XSS)
Medium 4.0
2024-08-10< 3.3.3
CVE-2024-6691
Critical 9.8
2024-08-29< 3.3.1
CVE-2024-5057
High 7.5
2024-05-13< 3.2.12
CVE-2024-32100
High 8.8
2024-05-10< 3.2.12
CVE-2024-31113
High 8.8
2024-04-12< 3.2.7
CVE-2024-31293
Medium 5.3
2024-04-09< 3.2.10
CVE-2024-2302
Medium 4.8
2024-02-05< 3.2.7
CVE-2024-0659
Medium 5.3
2024-12-26< 3.2.0
WordPress Easy Digital Downloads Plugin <= 3.1.5 is vulnerable to Broken Access Control
Medium 6.5
2024-12-27< 3.2.6
WordPress Easy Digital Downloads Plugin <= 3.2.5 is vulnerable to Cross Site Scripting (XSS)
N/A
2023-06-07< 3.1.2
Easy Digital Downloads <= 3.1.1.4.2 - Cross-Site Request Forgery via edd_trigger_upgrades
N/A
2023-06-08< 3.1.2
WordPress Easy Digital Downloads Plugin <= 3.1.1.4.2 is vulnerable to Cross Site Request Forgery (CSRF)
N/A
2023-05-02≥ 3.1 and ≤ 3.1.1.4.1
Easy Digital Downloads 3.1 - 3.1.1.4.1 - Unauthenticated Arbitrary Password Reset to Privilege Escalation
Critical 9.8
2023-05-02≥ 3.1 and ≤ 3.1.1.4.1
CVE-2023-30869
Medium 5.4
2023-02-21< 3.1.0.5
CVE-2023-0380
Critical 9.8
2023-01-20< 3.1.0.4
CVE-2023-23489
N/A
2016-03-02< 2.5.8
Easy Digital Downloads <= 2.5.7 - PHP Object Injection
N/A
< 2.5.8
Easy Digital Downloads < 2.5.8 - PHP Object Injection
N/A
< 2.10.3
Easy Digital Downloads < 2.10.3 - Unauthorised Stripe Disconnect via CSRF
N/A
2021-04-14< 2.10.3
Easy Digital Downloads <= 2.10.2 - Cross-Site Request Forgery
N/A
2021-04-16< 2.10.3
Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 2.10.2 - Cross-Site Request Forgery
N/A
2021-05-04< 2.10.4
Easy Digital Downloads <= 2.10.3 - Reflected Cross-Site Scripting
N/A
2021-10-19< 2.11.2.1
Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 2.11.2 - Reflected Cross-Site Scripting
Critical 9.8
2022-11-21< 3.1.0.2
CVE-2022-3600
Medium 4.3
2022-11-07< 3.0
CVE-2022-2387
Medium 4.1
2022-08-22< 3.1.1.4.2
CVE-2022-33900
N/A
2016-03-02< 2.5.8
WordPress Easy Digital Downloads Plugin <= 2.5.7 - PHP Object Injection
N/A
2017-03-31< 2.8
WordPress Easy Digital Downloads plugin <= 2.7.11 - Information Disclosure Vulnerability
N/A
2019-06-16< 2.9.16
WordPress Easy Digital Downloads plugin <= 2.9.15 - Stored Cross-Site Scripting (XSS) vulnerability
N/A
2021-04-16< 2.10.3
WordPress Easy Digital Downloads plugin <= 2.10.2 - Cross-Site Request Forgery (CSRF) vulnerability
Medium 4.8
2022-04-18< 2.11.6
CVE-2022-0706
Medium 4.3
2022-04-18< 2.11.6
CVE-2022-0707
Critical 9.8
2020-09-22< 2.3.3
Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 2.3.2 - SQL Injection
Medium 6.1
2019-08-16< 2.9.16
CVE-2019-15116
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9536
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9532
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9525
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9534
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9529
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9527
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9523
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9524
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9521
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9522
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9514
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9520
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9519
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9535
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9516
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9533
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9515
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9531
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9530
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9513
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9528
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9512
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9526
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9505
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9511
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9510
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9509
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9508
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9507
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9506
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9518
Medium 6.1
2019-10-23< 2.3.7
CVE-2015-9517
Medium 4.8
2021-10-21< 2.11.2.1
CVE-2021-39354