WordPress Plugin Vulnerabilities

Easy Digital Downloads < 3.6.3 - Unvalidated Redirect

Description

The plguin is vulnerable to Unvalidated Redirect due to insufficient validation on the redirect url supplied via the 'edd_redirect' parameter. This makes it possible for unauthenticated attackers to redirect users with the password reset email to potentially malicious sites if they can successfully trick them into performing an action.

Affects Plugins

Plugin icon
easy-digital-downloads
Fixed in 3.6.3

References

CVE
CVE-2025-14783
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/3c0fb43c-f576-412e-a144-4725356ed9a0

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
shark3y
Verified
No
WPVDB ID
ca3213e5-ba96-433c-a184-b09161a49c58

Timeline

Publicly Published
2025-12-30 (about 5 months ago)
Added
2026-01-05 (about 5 months ago)
Last Updated
2026-01-05 (about 5 months ago)

Other

Published
Title
Published
2024-06-05
Title
Contact Form 7 < 5.9.5 - Unauthenticated Open Redirect
Published
2025-08-14
Title
elink <= 1.1.0 - Contributor+ Arbitrary Redirect
Published
2015-07-05
Title
StageShow <= 5.0.8 - Open Redirect
Published
2025-10-10
Title
CM Registration – Tailored tool for seamless login and invitation-based registrations < 2.5.7 - Open Redirect
Published
2023-10-25
Title
Parcel Pro < 1.6.12 - Open Redirect