The plugin did not property check for CSRF when disconnecting Stripe, allowing attackers to make logged in users with the manage_options capability disconnect the Stripe gateway via a CSRF attack.
https://example.com/wp-admin/admin-post.php?page=edd-settings&edds-stripe-disconnect=1
2021-04-16 (about 1 years ago)
2021-04-16 (about 1 years ago)
2021-04-16 (about 1 years ago)