PT-2024-17771 · WordPress · Easy Digital Downloads

Jack_Sparrow +1 · Published 2024-12-21 · Updated 2024-12-21 · CVE-2024-12875

CVSS v3.1: 4.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress versions up to 3.3.2

Description

The issue allows authenticated attackers with Administrator-level access and above to read the contents of arbitrary files on the server via the file download functionality. This can potentially expose sensitive information.

Recommendations

For versions up to 3.3.2, update to a version higher than 3.3.2 to resolve the issue. As a temporary workaround, consider restricting access to the file download functionality until a patch is available.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2024-12875

Affected Products

Easy Digital Downloads