CVE-2024-9654

CVSS 3.1 Score 3.7 of 10 (low)

Details

Published Dec 17, 2024
CWE ID 863

Summary

CVE-2024-9654 is a vulnerability affecting the Easy Digital Downloads plugin for WordPress versions 3.1 through 3.3.4. This issue arises due to insufficient validation checks within the 'verify_guest_email' function, allowing unauthenticated attackers to bypass intended security restrictions and access other users' purchase receipts. These receipts contain download links for paid content, posing a risk of unauthorized access and data theft. Exploitation of this vulnerability requires knowledge of another user's email address and the file ID of the purchased content.
