Home

Description

The edd-google-sheet-connector-pro WordPress plugin before 1.4, Easy Digital Downloads Google Sheet Connector WordPress plugin before 1.6.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack

PUBLISHED Reserved 2023-04-27 | Published 2025-05-15 | Updated 2025-05-16 | Assigner WPScan

Problem types

CWE-79 Cross-Site Scripting (XSS)

CWE-352 Cross-Site Request Forgery (CSRF)

Product status

Default status
unaffected

Any version before 1.4
affected

Default status
unaffected

Any version before 1.6.6
affected

Credits

Erwan LR (WPScan) finder

WPScan coordinator

References

wpscan.com/...rability/95562684-2bb1-46f0-838c-8501db6b43ed/ exploit vdb-entry technical-description

cve.org (CVE-2023-2334)

nvd.nist.gov (CVE-2023-2334)

Download JSON