Easy Digital Downloads <= 2.5.7 - PHP Object Injection



Description
Easy Digital Downloads unserializes user-submitted data from cookies and other request parameters, which allows PHP object injection.

Affects Plugin

Fixed in version 2.5.8

References

URL https://github.com/easydigitaldownloads/Easy-Digital-Downloads/commit/7e83d2737b430c76f515b5433ee067fa5e6b1d4f

Classification

Type OBJECTINJECTION
OWASP Top 10 A8: Insecure Deserialization
CWE CWE-502

Miscellaneous

Submitter Danny van Kooten
Submitter Website http://dvk.co/
Submitter Twitter dannyvankooten
Views 4485
Verified No
WPVDB ID 8404

Timeline

Publicly Published 2016-03-02 (over 3 years ago)
Added 2016-03-03 (over 3 years ago)
Last Updated 2018-04-12 (over 1 year ago)
