A vulnerability classified as critical has been found in Wow-Company Easy Digital Downloads Plugin up to 1.0.2 on WordPress. Affected is an unknown function. The manipulation leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).
This vulnerability is traded as CVE-2024-35629. It is possible to launch the attack remotely. There is no exploit available.