PT-2025-34039 · WordPress · Sendwp+1
Wesley · Published 2025-08-20 · Updated 2025-08-20 · CVE-2025-8102
CVSS v3.1: 5.4 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions:
Easy Digital Downloads versions prior to 3.5.1
Description:
The Easy Digital Downloads plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing nonce validation in the edd_sendwp_disconnect() and edd_sendwp_remote_install() functions. This allows unauthenticated attackers to deactivate or download and activate the SendWP plugin through a forged request by tricking a site administrator into performing an action, such as clicking a link.
Recommendations:
Update Easy Digital Downloads to version 3.5.1 or later.
As a temporary workaround, consider disabling the SendWP plugin until a patch is available.
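A review aid for the missing-nonce weakness described above, added here as an example and not taken from Easy Digital Downloads or from this advisory: it scans PHP source for wp_ajax_* / admin_post_* callbacks that never call a WordPress nonce check. It assumes handlers are registered through add_action() with string callbacks; the sample plugin code and its demo_* names are constructed for illustration.

```python
import re

# Calls that verify a WordPress nonce (all three are WordPress core functions).
NONCE_RE = re.compile(r"\b(?:check_ajax_referer|check_admin_referer|wp_verify_nonce)\s*\(")
# add_action( 'wp_ajax_*' | 'admin_post_*', 'callback' ) with a string callback.
HOOK_RE = re.compile(
    r"add_action\(\s*['\"]((?:wp_ajax|admin_post)_\w+)['\"]\s*,\s*['\"](\w+)['\"]")
FUNC_RE = re.compile(r"function\s+(\w+)\s*\([^)]*\)\s*\{")


def function_bodies(php):
    """Map function name -> body text (naive: braces in strings/comments not skipped)."""
    bodies = {}
    for m in FUNC_RE.finditer(php):
        depth, i = 1, m.end()
        while i < len(php) and depth:
            depth += {"{": 1, "}": -1}.get(php[i], 0)
            i += 1
        bodies[m.group(1)] = php[m.end():i - 1]
    return bodies


def handlers_missing_nonce(php):
    """Return sorted (hook, callback) pairs whose callback never checks a nonce."""
    bodies = function_bodies(php)
    return sorted({
        (hook, func) for hook, func in HOOK_RE.findall(php)
        if func in bodies and not NONCE_RE.search(bodies[func])
    })


# Constructed sample plugin code (hypothetical names, not taken from EDD).
SAMPLE = r"""
add_action( 'wp_ajax_demo_disconnect', 'demo_disconnect' );
add_action( 'wp_ajax_demo_remote_install', 'demo_remote_install' );
function demo_disconnect() {
    // Capability check only: a forged request from an admin's browser passes.
    if ( ! current_user_can( 'manage_options' ) ) { wp_die(); }
    deactivate_plugins( 'demo/demo.php' );
}

function demo_remote_install() {
    check_ajax_referer( 'demo_remote_install', 'nonce' );
    if ( ! current_user_can( 'install_plugins' ) ) { wp_die(); }
}
"""

if __name__ == "__main__":
    print(handlers_missing_nonce(SAMPLE))
```

A hit is a lead for manual review rather than proof of a flaw, since a nonce may be verified in a helper the callback calls.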
Fix
CSRF
Affected Products
Easy Digital Downloads
Sendwp