CVE-2024-12875
Easy Digital Downloads <= 3.3.2 - Authenticated (Admin+) Arbitrary File Download
In short
The Easy Digital Downloads plugin for WordPress lets an authenticated administrator use directory traversal in the file download functionality to read files outside the intended download directory. This can expose sensitive files on the server that contain private data.
Technical detail
The plugin's file download functionality in versions ≤3.3.2 does not validate that the requested file path stays within the intended download directory, so an authenticated administrator can supply a traversal path and read arbitrary files on the server. The vulnerability requires Administrator-level privileges and results in information disclosure of sensitive server files.
Summary generated and translated by AI from the official description.
The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.2 via the file download functionality. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
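The advisory above describes the root cause as missing path validation in a file download handler. The following is an added example, not code from Easy Digital Downloads or from the advisory, showing the standard mitigation for this class of bug in a WordPress context: canonicalise the requested path with realpath() and serve it only if it remains inside the configured download directory. The names $base_dir, the 'file' request parameter, resolve_download_path() and serve_download_request() are assumptions for illustration; current_user_can() is the WordPress capability API and is assumed to be loaded.

```php
<?php
// Added example, not code from Easy Digital Downloads: a download handler that
// confines the requested file to one base directory before serving it.
// Assumed names: $base_dir, the 'file' request parameter,
// resolve_download_path() and serve_download_request().

/**
 * Resolve a user-supplied relative file name against $base_dir and return the
 * canonical path only if it stays inside $base_dir. Returns null otherwise.
 */
function resolve_download_path(string $base_dir, string $requested): ?string
{
    // Empty names and embedded NUL bytes are never valid file names.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }

    $base = realpath($base_dir);
    if ($base === false) {
        return null; // base directory missing or unreadable
    }

    // realpath() canonicalises '.', '..' and symlinks, so the containment
    // check below compares real locations rather than the raw string.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null; // does not exist or is not a regular file
    }

    // Containment check: the canonical path must begin with "<base>/".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    return $candidate;
}

/**
 * Capability check plus path containment. A capability check on its own only
 * decides who may call the handler; it does not confine which file is read,
 * which is why an Administrator-only endpoint can still be a traversal bug.
 */
function serve_download_request(string $base_dir): void
{
    // Assumes WordPress is loaded; outside WordPress the guard fails closed.
    if (!function_exists('current_user_can') || !current_user_can('manage_options')) {
        http_response_code(403);
        exit;
    }

    $requested = isset($_GET['file']) ? (string) $_GET['file'] : '';
    $path = resolve_download_path($base_dir, $requested);
    if ($path === null) {
        // Log the rejected name hex-encoded for detection; never echo it back.
        error_log('download rejected: ' . bin2hex($requested));
        http_response_code(400);
        exit;
    }

    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Content-Length: ' . (string) filesize($path));
    readfile($path);
    exit;
}
```

Two caveats on the design: realpath() returns false for paths that do not exist, which is the desired outcome for a download endpoint, and it follows symlinks, so a link inside $base_dir that points elsewhere is rejected by the prefix check; if such links are meant to be served, the policy has to be stated explicitly rather than relying on string matching. The error_log() line gives operators a signal to alert on: repeated rejected download names from an administrator account are worth reviewing, since the advisory's CVSS vector (PR:H) means the only precondition is an account that already holds that role.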