Easy Digital Downloads Vulnerabilities
The Easy Digital Downloads WordPress plugin has 5 known security vulnerabilities, including 1 critical. The most recent was disclosed on October 19, 2021. Check whether your site runs an affected version below.
View Easy Digital Downloads on WordPress.orgSummary
Latest vulnerability disclosed on October 19, 2021.
Recommendation
WPSentry recommends extreme caution
Only run Easy Digital Downloads if it is updated to the latest patched release. This plugin has a history of 1 critical, potentially exploitable vulnerability. If you already use it, update immediately — or consider a safer alternative.
Is your site affected?
Run a free external scan to detect Easy Digital Downloads and 35+ other WordPress security checks — no login or plugin required.
Known Easy Digital Downloads vulnerabilities
- medium
Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 2.11.2 - Reflected Cross-Site Scripting
Affected versions: <=2.11.2Disclosed October 19, 2021 - medium
Easy Digital Downloads <= 2.10.3 - Reflected Cross-Site Scripting
Affected versions: <=2.10.3Disclosed May 4, 2021 - medium
Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 2.10.2 - Cross-Site Request Forgery
Affected versions: <=2.10.2Disclosed April 16, 2021 - medium
Easy Digital Downloads <= 2.10.2 - Cross-Site Request Forgery
Affected versions: <2.10.3Disclosed April 14, 2021 - critical
Easy Digital Downloads <= 2.5.7 - PHP Object Injection
Affected versions: <=2.5.7Disclosed March 2, 2016
How to stay protected
Update promptly
Keep Easy Digital Downloads on its latest release — most vulnerabilities are fixed in newer versions.
Scan regularly
Run an external scan after every update to catch outdated or vulnerable software early.
Monitor continuously
Enable monitoring to get alerted the moment a new issue affects your stack.