Easy Digital Downloads <= 2.5.7 - PHP Object Injection



Description
Easy Digital Downloads unserializes user-submitted data from cookies and other request parameters, allowing for object injection.

Affects Plugin

fixed in version 2.5.8

References

URL https://github.com/easydigitaldownloads/Easy-Digital-Downloads/commit/7e83d2737b430c76f515b5433ee067fa5e6b1d4f

Classification

Type OBJECTINJECTION
OWASP Top 10 A8: Insecure Deserialization
CWE CWE-502

Miscellaneous

Submitter Danny van Kooten
Submitter Website http://dvk.co/
Submitter Twitter dannyvankooten
Views 4646
Verified No
WPVDB ID 8404

Timeline

Publicly Published 2016-03-02 (almost 4 years ago)
Added 2016-03-03 (almost 4 years ago)
Last Updated 2019-10-31 (about 1 month ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin