Vulnerabilities

CVE-2025-14783 - Easy Digital Downloads <= 3.6.2 - unvalidated redirect in password reset flow vi...

2025-12-31 0 views admin

CVE ID : CVE-2025-14783 Published : Dec. 31, 2025, 6:24 a.m. | 34 minutes ago Description : The Easy Digital Downloads plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.6.2. This is due to insufficient validation on the redirect url supplied via the 'edd_redirect' parameter. This makes it possible for unauthenticated attackers to redirect users with the password reset email to potentially malicious sites if they can successfully trick them into performing an action. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-14783

Published

Dec. 31, 2025

Affected Product: WordPress

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-14783wordpress

CVE-2025-14783 - Easy Digital Downloads <= 3.6.2 - unvalidated redirect in password reset flow vi...

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-62124 - WordPress WP Post Signature plugin <= 0.4.1 - cross site scripting (xss) vulnera...

CVE-2025-62121 - WordPress Logo Slider , Logo Carousel , Logo showcase , Client Logo plugin <= 1....

CVE-2025-62120 - WordPress OpenHook plugin <= 4.3.1 - cross site request forgery (csrf) vulnerabi...

CVE-2025-62119 - WordPress Add Featured Image Custom Link plugin <= 2.0.0 - cross site scripting ...

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting