What is CVE-2024-12875?

CVE-2024-12875 is a medium-severity vulnerability in Smub Easy Digital Downloads – Ecommerce Payments And Subscriptions Made, classified under External Control of File Name or Path. CVSS score: 4.9/10. Published 2024-12-21.

How severe is CVE-2024-12875?

Medium severity. CVSS v3 base score is 4.9 out of 10.

Is CVE-2024-12875 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Smub Easy Digital Downloads – Ecommerce Payments And Subscriptions Made

CVE-2024-12875

The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.2 via the file download functionality. This makes it possible f…

EPSS: 0.021 (84.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.9 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N.

Affected products

Smub Easy Digital Downloads – Ecommerce Payments And Subscriptions Made — versions 0

Weakness classification (CWE)

CWE-73 — External Control of File Name or Path

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2024-12875?: CVE-2024-12875 is a medium-severity vulnerability in Smub Easy Digital Downloads – Ecommerce Payments And Subscriptions Made, classified under External Control of File Name or Path. CVSS score: 4.9/10. Published 2024-12-21.
How severe is CVE-2024-12875?: Medium severity. CVSS v3 base score is 4.9 out of 10.
Is CVE-2024-12875 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.