CVE-2021-39354
Easy Digital Downloads <= 2.11.2 Authenticated Reflected Cross-Site Scripting
The Easy Digital Downloads WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $start_date and $end_date parameters found in the ~/includes/admin/payments/class-payments-table.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.11.2.
We have discovered 52 live websites that are affected by CVE-2021-39354.
Affected Software
| Product | |
| Category | Ecommerce |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 168 |
| Vulnerable Domains | 52 live websites (0.28% of Easy Digital Downloads install base) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2021-39354 and the relative popularity of websitesDetails
- Published - Oct 21, 2021
- Updated - Oct 22, 2021
Credits
- Thinkland Security Team
CWE
CVE References
CWE References
Countries
 United States | 31 websites |
 France | 5 websites |
 Australia | 2 websites |
 Germany | 2 websites |
 Iran | 2 websites |
 Italy | 2 websites |
 Canada | 1 websites |
 Cyprus | 1 websites |
 GB | 1 websites |
 India | 1 websites |
TLDs
| .com | 38 websites |
| .net | 3 websites |
| .com.au | 2 websites |
| .ca | 1 websites |
| .fr | 1 websites |
| .io | 1 websites |
| .it | 1 websites |
| .org | 1 websites |
| .ru | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2021-39354 through included software libraries and plugins.References
- https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39354
- https://plugins.trac.wordpress.org/changeset/2616149/easy-digital-downloads/trunk/includes/admin/payments/class-payments-table.php
- https://github.com/BigTiger2020/word-press/blob/main/Easy%20Digital%20Downloads.md
Websites affected by CVE-2021-39354
Top websites that are affected by CVE-2021-39354. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **************.com | United States | **,*** | |
| *****.com | United States | **,*** | |
| *************.com | United States | **,*** | |
| ***********.com | United States | ***,*** | |
| ***********.com | United States | ***,*** | |
| ******.org | United States | *,***,*** | |
| ************.com | United States | *,***,*** | |
| ***.*****.com | United States | *,***,*** | |
| ********.com | United States | *,***,*** | |
| **************.com | United States | *,***,*** |