CVE-2023-2334

MEDIUM

edd-google-sheet-connector-pro <1.4/Easy Digital Downloads Google S...

Title source: llm

Description

The edd-google-sheet-connector-pro WordPress plugin before 1.4, Easy Digital Downloads Google Sheet Connector WordPress plugin before 1.6.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack

References (1)

[Third Party Advisory] https://wpscan.com/vulnerability/95562684-2bb1-46f0-838c-8501db6b43ed/

Scores

CVSS v3 5.4

EPSS 0.0005

EPSS Percentile 16.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-352

Status published

Affected Products (2)

westerndeal/easy_digital_downloads_google_sheet_connector < 1.6.6

gsheetconnector/edd_gsheetconnector < 1.4

Timeline

Published May 15, 2025

Tracked Since Feb 18, 2026