CVE-2024-2302

Name of the Vulnerable Software and Affected Versions Easy Digital Downloads – Sell Digital Files & Subscriptions plugin for WordPress versions up to, and including, 3.2.9

Description The issue allows unauthenticated attackers to download the debug log via Directory Listing, potentially exposing sensitive information, including personally identifiable information (PII).

Recommendations For versions up to, and including, 3.2.9, update to a version higher than 3.2.9 to resolve the issue. As a temporary workaround, consider restricting access to the debug log file to prevent unauthorized downloads.