CVE-2022-2387

Name of the Vulnerable Software and Affected Versions Easy Digital Downloads WordPress plugin versions prior to 3.0

Description The issue arises from the lack of a CSRF check when deleting payment history, and the failure to verify that the post to be deleted is actually a payment history. This allows attackers to make a logged-in admin delete arbitrary posts via a CSRF attack.

Recommendations For versions prior to 3.0, update to version 3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the payment history deletion functionality to minimize the risk of exploitation.