This could be abused in more advanced ways, for example by uploading a malicious CSV file to an online store and then using the Easy Digital Downloads plugin to import it.

Version 3.1.0.2 and earlier of the Easy Digital Downloads plugin does not properly validate the email address when a customer purchases a digital product with it. This could result in a customer's email address being disclosed if an attacker has access to the customer's WordPress site.

Version 3.1.0.2 and earlier of the Easy Digital Downloads plugin does not properly validate the password when a customer purchases a digital product with it. This could result in a customer's password being revealed if an attacker has access to the customer's WordPress site.

Version 3.1.0.2 and earlier of the Easy Digital Downloads plugin does not properly validate the phone number when a customer purchases a digital product with it. This could result in a customer's phone number being revealed if an attacker has access to the customer's WordPress site.

Plugin developers should avoid SQL injection, inadequate sanitization, and insecure uploads when possible.

WordPress developers should avoid storing user data in insecure locations and should ensure that user data is properly sanitized before being stored in the database.

SQL Injection (SQLi)

SQL injection is a vulnerability that arises when user-supplied data is improperly sanitized before it reaches the database. SQLi can be used to read or modify data in the database. It typically occurs when user data is not properly filtered, escaped, or prepared for use in an SQL query. The most common form of SQL injection attack is to add or modify criteria in an SQL statement sent to a website that runs WordPress as its web application and the Easy Digital Downloads plugin as its shopping cart software. In this scenario, the following might occur:

An attacker submits crafted input (e.g., "update products set price = 10 where id = 1"), which causes the following UPDATE statement to execute on the server:
UPDATE products SET price = 10 WHERE id = 1
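To make the distinction concrete, here is a product price update written first in the form that lets request input become part of the statement, then hardened with WordPress's `$wpdb->prepare()` plus the capability and nonce checks a plugin handler should carry. This is an added example, not code from Easy Digital Downloads; the table name, function names and request keys are hypothetical.

```php
<?php
// Added example, not code from Easy Digital Downloads. The table name, the
// function names and the request keys are hypothetical.

// VULNERABLE form: request values are interpolated straight into the
// statement, so the input decides what SQL the server executes.
function example_update_price_unsafe( array $request ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_products'; // hypothetical table
    $sql   = "UPDATE {$table} SET price = {$request['price']} WHERE id = {$request['id']}";
    return $wpdb->query( $sql );
}

// HARDENED form: authorisation, a nonce, type coercion, and a prepared
// statement, so input can only ever be a value, never part of the query.
function example_update_price( array $request ) {
    global $wpdb;

    // Only users who may administer the site change prices, and the request
    // must carry a nonce issued to that user for this action.
    if ( ! current_user_can( 'manage_options' ) ) {
        return new WP_Error( 'forbidden', 'Insufficient capability.' );
    }
    $nonce = isset( $request['_wpnonce'] ) ? $request['_wpnonce'] : '';
    if ( ! wp_verify_nonce( $nonce, 'example_update_price' ) ) {
        return new WP_Error( 'bad_nonce', 'Nonce verification failed.' );
    }

    // Coerce to the expected types before the values go anywhere near SQL.
    $id    = isset( $request['id'] ) ? absint( $request['id'] ) : 0;
    $price = isset( $request['price'] ) ? (float) $request['price'] : -1;
    if ( 0 === $id || $price < 0 ) {
        return new WP_Error( 'invalid_input', 'Product id or price out of range.' );
    }

    // $wpdb->prepare() binds the %d and %f placeholders and escapes the values;
    // the WHERE clause cannot be rewritten by whatever arrives in $request.
    $table = $wpdb->prefix . 'example_products';
    $sql   = $wpdb->prepare( "UPDATE {$table} SET price = %f WHERE id = %d", $price, $id );
    return $wpdb->query( $sql );
}
```

For a single-row change, `$wpdb->update( $table, array( 'price' => $price ), array( 'id' => $id ), array( '%f' ), array( '%d' ) )` performs the same binding internally and is the simpler choice once the input has been validated.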

Timeline

Published on: 11/21/2022 11:15:00 UTC
Last modified on: 11/23/2022 15:48:00 UTC

References