CVE-2023-30869: Critical Security Vulnerability Found in Popular WordPress Plugin

CVE-2023-30869

The world of digital e-commerce has experienced rapid growth, with many businesses relying on powerful plugins to manage their online stores. WordPress’s Easy Digital Downloads (EDD) plugin is a popular choice, offering limitless possibilities for digital creators to sell their products online without hidden listing fees or transaction limitations. However, a recent discovery of a critical security vulnerability within the plugin puts over 50,000 active installations at risk.

On April 21st, 2023, security researcher Nguyen Anh Tien uncovered a privilege escalation vulnerability (CVE-2023-30869) in Easy Digital Downloads plugin versions 3.1.1.4.1 and below. The flaw carries a CVSS score of 9.8, which places it in the critical severity range.

The vulnerability allows any user, authenticated or not and regardless of role, to execute any action registered with the ‘edd_’ prefix. One of the actions registered under that prefix handles password resets, so an attacker who knows a target's username can reset that user's password, including an administrator's.

The root cause is that the password reset function does not validate the password reset key. Instead of confirming that the caller holds a valid key issued for the given user, it changes that user's password directly, bypassing the check that ties a reset to its key. Because any ‘edd_’-prefixed action can be invoked without authentication, this unguarded function is reachable by anyone.

The developers of the Easy Digital Downloads plugin have addressed the CVE-2023-30869 vulnerability by releasing version 3.1.1.4.2. The patch prevents the function from being called directly and adds validation measures to ensure the legitimacy of the password reset key.
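To make the defect described above and the shape of the fix concrete, here is an added illustration in PHP; it is not the plugin's own code and does not reproduce the actual patch. The function names `edd_demo_reset_password_weak` and `edd_demo_reset_password_hardened` and the hook name `edd_demo_reset_password` are hypothetical; it assumes a WordPress environment, where `check_password_reset_key()`, `reset_password()`, `get_user_by()`, `sanitize_user()` and `WP_Error` are core functions and classes.

```php
<?php
// Added illustration, not Easy Digital Downloads code. Names prefixed
// edd_demo_ are hypothetical; WordPress core functions are real.

// WEAK PATTERN (the class of defect the advisory describes): the handler
// trusts the submitted username and changes the password without proving
// that the caller holds a valid, unexpired reset key for that account.
function edd_demo_reset_password_weak( array $data ) {
    $user = get_user_by( 'login', sanitize_user( $data['user_login'] ?? '' ) );
    if ( ! $user ) {
        return new WP_Error( 'invalid_user', 'Unknown user.' );
    }
    // No reset-key check: knowing the login is enough to change the password.
    reset_password( $user, (string) ( $data['pass1'] ?? '' ) );
    return true;
}

// HARDENED PATTERN: require a reset key and let WordPress core verify it.
// check_password_reset_key() returns the WP_User on success or a WP_Error
// when the key is missing, expired, malformed, or belongs to another user.
function edd_demo_reset_password_hardened( array $data ) {
    $login = sanitize_user( $data['user_login'] ?? '' );
    $key   = (string) ( $data['key'] ?? '' );

    if ( '' === $login || '' === $key ) {
        return new WP_Error( 'missing_fields', 'Login and reset key are required.' );
    }

    $user = check_password_reset_key( $key, $login );
    if ( is_wp_error( $user ) ) {
        return $user; // reject the reset; do not touch the account
    }

    $pass1 = (string) ( $data['pass1'] ?? '' );
    if ( '' === $pass1 || $pass1 !== (string) ( $data['pass2'] ?? '' ) ) {
        return new WP_Error( 'password_mismatch', 'Passwords do not match.' );
    }

    reset_password( $user, $pass1 );
    return true;
}

// Register only the hardened handler on a dedicated hook so that a reset
// can never run without passing the key check above.
add_action( 'edd_demo_reset_password', 'edd_demo_reset_password_hardened' );
```

The key check is the control the advisory says was missing: a reset request must carry a key that WordPress itself issued for that specific user, so knowing a username alone buys nothing.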

Users of the plugin should update to the latest version (3.1.1.4.2) immediately to protect their online stores and sensitive user data from potential exploitation.