Sucuri Blog

Website Security News

WordPress Plugin: Easy Digital Downloads – Security Flaw Discovered and Patched

February 15, 2013 by Dre Armeda

Last night we were contacted by Adam Pickering about a security flaw discovered in Easy Digital Downloads (EDD), a free WordPress eCommerce plugin that allows you to sell digital downloads. If you use EDD and haven’t done so already, please make sure to upgrade to Version 1.4.4.2 immediately!

The plugin author, Pippin Williamson, received word about the flaw within hours of it being validated and had a patched version up on the WordPress Plugin Directory within the hour.

Here is an excerpt from the post Pippin released on the official Easy Digital Downloads blog this morning:

Due to the nature of the flaw, we cannot go into detail about exactly what the flaw was or how it could be exploited, but it had to do with user accounts and it was severe. The flaw permitted an experienced user who knew exactly what they were doing (and knew how to exploit the issue) to potentially gain admin access to sites running specific versions of EDD with specific configurations.

EDD versions affected: 1.4.2 – 1.4.4.1.

Version 1.4.4.2 fixes the problem

Take Action

Bugs and security issues happen. With responsible authors like Pippin, you’ll get quick action to rectify any shortfalls found within their products. From there it’s on you to do the right thing and ensure you’re maintaining your site!

I personally validated this flaw, and the patch is indeed needed. I recommend you upgrade as soon as possible.


Leave us your comments or thoughts below. If you have questions about your site, feel free to email info@sucuri.net.

Categories: Ecommerce Security, Vulnerability Disclosure, Website Security, WordPress Security
Tags: WordPress Plugins and Themes

About Dre Armeda

Dre Armeda was Sucuri’s founding CEO and Co-Founder who helped start up the company in 2010. Today, Dre is Sr. Director of Technical Program Management and serves as Head of Technical Program Management (TPM) for GoDaddy's Partners Business. As head of TPM, Dre leads the PMO and Program Delivery Teams, ultimately driving all the program management functions and supporting our partners. When Dre isn't executing strategic initiatives at GoDaddy, you can find him on the mat training in Jiu Jitsu as a Carlson Gracie brown belt. Connect with Dre on Twitter.

Comments

  1. Keith Davis

    February 15, 2013

    Given it a tweet Dre with a link back to this article.
    It’s tough out there – that’s why I signed up with you boys.

  2. yepi kizi

    February 23, 2013

    Thank you for this post, It was a great read which was extremely helpful.

  3. marukim

    March 11, 2013

    Thanks a lot. I like your blog.
    http://www.friv2jogos.com/

  4. Rudd

    March 11, 2013

    Nice. I heard nothing but only good things about EDD and Pippin. Glad he had taken fast action.

  5. Friv 2

    March 29, 2013

    Thanks post. good information.

  6. Y8

    May 10, 2013

    Additionally you make many valid points with compelling, completely
    unique content.
