CVE-2025-4670 | Easy Digital Downloads Plugin up to 3.3.8.1 on WordPress Shortcode edd_receipt cross site scripting

Inserito da Angelo Barbosa | Mag 29, 2025 | CVE

A vulnerability was found in Easy Digital Downloads Plugin up to 3.3.8.1 on WordPress. It has been classified as problematic. Affected is the function edd_receipt of the component Shortcode Handler. The manipulation leads to cross site scripting.

This vulnerability is traded as CVE-2025-4670. It is possible to launch the attack remotely. There is no exploit available.

CVE-2025-4670 | Easy Digital Downloads Plugin up to 3.3.8.1 on WordPress Shortcode edd_receipt cross site scripting

Post correlati

CVE-2025-4611 | Slim SEO Plugin up to 4.5.3 on WordPress Shortcode slim_seo_breadcrumbs cross site scripting

CVE-2024-28848 | open-metadata OpenMetadata up to 1.2.3 validateExpression code injection

CVE-2024-45230 | Django up to 4.2.15/5.0.8/5.1.0 django.utils.html.urlize denial of service

CVE-2024-37675 | Tessi Docubase Document Management 5.x Note sectionContent cross site scripting