CVE-2023-30869
CRITICAL EXPLOITED NUCLEIEasy Digital Downloads 3.1-3.1.1.4.1 - Unauthenticated Privilege Escalation
Title source: llmExploitation Summary
CVE-2023-30869 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1.
Nuclei Templates (1)
Easy Digital Downloads - Privilege Escalation
CRITICALVERIFIEDby daffainfo
References (2)
Core 2
Core References
Third Party Advisory vdb-entry
https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-1-1-4-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve
Patch, Third Party Advisory related
https://patchstack.com/articles/critical-easy-digital-downloads-vulnerability?_s_id=cve
Scores
CVSS v3
9.8
EPSS
0.0310
EPSS Percentile
86.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
VulnCheck KEV
2023-05-02
CWE
CWE-287
Status
published
Products (2)
awesomemotive/easy_digital_downloads
3.1 - 3.1.1.4.2
Easy Digital Downloads/Easy Digital Downloads
3.1 - 3.1.1.4.1
Published
May 02, 2023
Tracked Since
Feb 18, 2026