CVE-2024-5057

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-5057
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12.

9.3 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact LOW

Scope CHANGED

References
Link Resource
https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-12-sql-injection-vulnerability?_s_id=cve Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*
History

07 Feb 2025, 19:44

Type Values Removed Values Added
CPE cpe:2.3:a:sandhillsdev:easy_digital_downloads:*:*:*:*:*:wordpress:*:* cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*
First Time Awesomemotive
Awesomemotive easy Digital Downloads
CVSS v2 : unknown
v3 : 9.8 		v2 : unknown
v3 : 9.3

20 Sep 2024, 19:31

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.3 		v2 : unknown
v3 : 9.8
First Time Sandhillsdev
Sandhillsdev easy Digital Downloads
Summary
  • (es) La vulnerabilidad de neutralización incorrecta de elementos especiales utilizados en un comando SQL ('Inyección SQL') en Easy Digital Downloads permite la inyección SQL. Este problema afecta a Easy Digital Downloads: desde n/a hasta 3.2.12.
CPE cpe:2.3:a:sandhillsdev:easy_digital_downloads:*:*:*:*:*:wordpress:*:*
References () https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-12-sql-injection-vulnerability?_s_id=cve - () https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-12-sql-injection-vulnerability?_s_id=cve - Third Party Advisory

29 Aug 2024, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-29 14:15

Updated : 2025-02-07 19:44

NVD link : CVE-2024-5057

Mitre link : CVE-2024-5057

CVE.ORG link : CVE-2024-5057

JSON object : View

Products Affected

awesomemotive

  • easy_digital_downloads
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')