CVE-2021-39354

Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads WordPress plugin versions up to and including 2.11.2

Description: The issue allows attackers to inject arbitrary web scripts via the start date and end date parameters found in the ~/includes/admin/payments/class-payments-table.php file, enabling Reflected Cross-Site Scripting attacks.

Recommendations: For versions up to and including 2.11.2, update to a version later than 2.11.2 to resolve the issue. As a temporary workaround, consider restricting access to the ~/includes/admin/payments/class-payments-table.php file or disabling the use of the start date and end date parameters until a patch is available.