CVE-2022-2387

MEDIUM

Easy Digital Downloads < 3.0 - Cross-Site Request Forgery via Payment History Deletion

Description

The Easy Digital Downloads WordPress plugin before 3.0 does not have a CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged-in admin delete arbitrary posts via a CSRF attack.

Scores

CVSS v3 4.3
EPSS 0.0029
EPSS Percentile 20.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-352
Status published
Products (1)
awesomemotive/easy_digital_downloads < 3.0
Published Nov 07, 2022
Tracked Since Feb 18, 2026