Vulnerability in Easy Digital Downloads WordPress Plugin

CVE-2023-23489

The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action.

EPSS: 0.807 (percentile: 99.2)

Affected products

  • N/a Easy Digital Downloads WordPress Plugin — versions < 3.1.0.4

Frequently asked questions

What is CVE-2023-23489?
CVE-2023-23489 is a vulnerability in Easy Digital Downloads WordPress Plugin. Published 2023-01-20.

Is CVE-2023-23489 known to be exploited?
4 public proof-of-concept repositories are indexed. It is not currently listed in the CISA KEV catalog.