Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) < 3.2.10 – Sensitive Information Exposure | CVE 2024-2302 | Plugin Vulnerabilities

Description

The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to download the debug log via Directory Listing. This file may include PII.

Affects Plugins

easy-digital-downloads

Fixed in 3.2.10

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/0837ba20-4b47-4cc8-9eb3-322289513d79

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Colin Xu

Verified

No

WPVDB ID

96e351c0-213c-4478-a504-060b8d743458

Timeline

Publicly Published

2024-04-03 (about 2 years ago)

Added

2024-04-03 (about 2 years ago)

Last Updated

2024-04-03 (about 2 years ago)

Other

Published

Title

Published

2023-11-14

Title

EWWW Image Optimizer < 7.2.1 - Unauthenticated Sensitive Information Exposure via Debug Log

Published

2024-11-08

Title

Quform - WordPress Form Builder < 2.21.0 - Unauthenticated Sensitive Information Exposure

Published

2024-05-07

Title

Ghost < 1.5.0 - Unauthenticated Sensitive Information Exposure

Published

2025-12-12

Title

Fix Media Library <= 2.0 - Unauthenticated Information Exposure

Published

2026-06-09

Title

Fluent Booking < 2.1.2 - Calendar Manager+ Sensitive Information Disclosure via Attendee Export