CVE-2022-33900 - Vulnerability Details - OpenCVE

ReportizFlow

PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Awesomemotive	Easy Digital Downloads

Configuration 1 [-]

cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-0-1-php-object-injection-vulnerability
https://wordpress.org/plugins/easy-digital-downloads/#developers

History

Tue, 28 Apr 2026 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 07 Feb 2025 20:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Awesomemotive Awesomemotive easy Digital Downloads
CPEs	cpe:2.3:a:sandhillsdev:easy_digital_downloads::::::wordpress::*	cpe:2.3:a:awesomemotive:easy_digital_downloads::::::wordpress::*
Vendors & Products	Sandhillsdev Sandhillsdev easy Digital Downloads	Awesomemotive Awesomemotive easy Digital Downloads

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2022-08-22T14:48:37.139Z

Updated: 2026-04-28T16:07:43.907Z

Reserved: 2022-06-30T00:00:00.000Z

Link: CVE-2022-33900

Vulnrichment

Updated: 2024-08-03T08:09:22.686Z

NVD

Status : Modified

Published: 2022-08-22T15:15:15.893

Modified: 2025-02-20T21:15:21.680

Link: CVE-2022-33900

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Easy Digital Downloads", "vendor": "Easy Digital Downloads", "versions": [{"lessThanOrEqual": "3.0.1", "status": "affected", "version": "<= 3.0.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Vulnerability discovered by Robert Rowley (Patchstack)"}], "datePublic": "2022-08-10T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "PHP Object Injection", "lang": "en", "type": "text"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:07:43.907Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-0-1-php-object-injection-vulnerability"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wordpress.org/plugins/easy-digital-downloads/#developers"}], "solutions": [{"lang": "en", "value": "Update to 3.0.2 or higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Easy Digital Downloads plugin <= 3.0.1 - PHP Object Injection vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "DATE_PUBLIC": "2022-08-10T11:40:00.000Z", "ID": "CVE-2022-33900", "STATE": "PUBLIC", "TITLE": "WordPress Easy Digital Downloads plugin <= 3.0.1 - PHP Object Injection vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Easy Digital Downloads", "version": {"version_data": [{"version_affected": "<=", "version_name": "<= 3.0.1", "version_value": "3.0.1"}]}}]}, "vendor_name": "Easy Digital Downloads"}]}}, "credit": [{"lang": "eng", "value": "Vulnerability discovered by Robert Rowley (Patchstack)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "PHP Object Injection"}]}]}, "references": {"reference_data": [{"name": "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-0-1-php-object-injection-vulnerability", "refsource": "CONFIRM", "url": "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-0-1-php-object-injection-vulnerability"}, {"name": "https://wordpress.org/plugins/easy-digital-downloads/#developers", "refsource": "CONFIRM", "url": "https://wordpress.org/plugins/easy-digital-downloads/#developers"}]}, "solution": [{"lang": "en", "value": "Update to 3.0.2 or higher version."}], "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T08:09:22.686Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-0-1-php-object-injection-vulnerability"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wordpress.org/plugins/easy-digital-downloads/#developers"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-502", "lang": "en", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-20T19:27:14.030496Z", "id": "CVE-2022-33900", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-20T20:13:03.946Z"}}]}, "cveMetadata": {"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "assignerShortName": "Patchstack", "cveId": "CVE-2022-33900", "datePublished": "2022-08-22T14:48:37.139Z", "dateReserved": "2022-06-30T00:00:00.000Z", "dateUpdated": "2026-04-28T16:07:43.907Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-0-1-php-object-injection-vulnerability", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://wordpress.org/plugins/easy-digital-downloads/#developers", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T08:09:22.686Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-33900", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-20T19:27:14.030496Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-20T19:27:15.431Z"}}], "cna": {"title": "WordPress Easy Digital Downloads plugin <= 3.0.1 - PHP Object Injection vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "value": "Vulnerability discovered by Robert Rowley (Patchstack)"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Easy Digital Downloads", "product": "Easy Digital Downloads", "versions": [{"status": "affected", "version": "<= 3.0.1", "versionType": "custom", "lessThanOrEqual": "3.0.1"}]}], "solutions": [{"lang": "en", "value": "Update to 3.0.2 or higher version."}], "datePublic": "2022-08-10T00:00:00.000Z", "references": [{"url": "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-0-1-php-object-injection-vulnerability", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://wordpress.org/plugins/easy-digital-downloads/#developers", "tags": ["x_refsource_CONFIRM"]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "PHP Object Injection"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:07:43.907Z"}, "x_legacyV4Record": {"credit": [{"lang": "eng", "value": "Vulnerability discovered by Robert Rowley (Patchstack)"}], "impact": {"cvss": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, "source": {"discovery": "EXTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_name": "<= 3.0.1", "version_value": "3.0.1", "version_affected": "<="}]}, "product_name": "Easy Digital Downloads"}]}, "vendor_name": "Easy Digital Downloads"}]}}, "solution": [{"lang": "en", "value": "Update to 3.0.2 or higher version."}], "data_type": "CVE", "generator": {"engine": "Vulnogram 0.0.9"}, "references": {"reference_data": [{"url": "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-0-1-php-object-injection-vulnerability", "name": "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-0-1-php-object-injection-vulnerability", "refsource": "CONFIRM"}, {"url": "https://wordpress.org/plugins/easy-digital-downloads/#developers", "name": "https://wordpress.org/plugins/easy-digital-downloads/#developers", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "PHP Object Injection"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-33900", "STATE": "PUBLIC", "TITLE": "WordPress Easy Digital Downloads plugin <= 3.0.1 - PHP Object Injection vulnerability", "ASSIGNER": "[email protected]", "DATE_PUBLIC": "2022-08-10T11:40:00.000Z"}}}}, "cveMetadata": {"cveId": "CVE-2022-33900", "state": "PUBLISHED", "dateUpdated": "2026-04-28T16:07:43.907Z", "dateReserved": "2022-06-30T00:00:00.000Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2022-08-22T14:48:37.139Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "EBEAC57A-0D0D-4F7B-9876-E342640846E3", "versionEndIncluding": "3.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de objetos en PHP en el plugin Easy Digital Downloads versiones anteriores a 3.0.1 incluy\u00e9ndola, en WordPress."}], "id": "CVE-2022-33900", "lastModified": "2025-02-20T21:15:21.680", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 3.4, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2022-08-22T15:15:15.893", "references": [{"source": "[email protected]", "tags": ["Patch", "Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-0-1-php-object-injection-vulnerability"}, {"source": "[email protected]", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://wordpress.org/plugins/easy-digital-downloads/#developers"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-0-1-php-object-injection-vulnerability"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://wordpress.org/plugins/easy-digital-downloads/#developers"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "[email protected]", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-502"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}