汇总 sandhillsdev 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
历史漏洞主要涉及 CSRF与SQL 注入 等问题,部分漏洞可能导致 文件覆盖,并影响 软件部署与生产负载 相关场景。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2024-32100 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.11. | [email protected] | 5.3 | 0.60% | 2024-05-14 | 2026-06-17 |
| CVE-2024-31113 | Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.11. | [email protected] | 4.3 | 0.22% | 2024-05-14 | 2026-06-17 |
| CVE-2024-31293 | Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.6. | [email protected] | 4.3 | 0.23% | 2024-04-12 | 2026-06-17 |
| CVE-2023-0380 | The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | [email protected] | 5.4 | 0.46% | 2023-02-21 | 2026-06-17 |
| CVE-2023-23489 | The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action. | [email protected] | 9.8 | 11.17% | 2023-01-20 | 2026-06-17 |