Loading HuntDB...

GHSA-5cxp-2w3f-wh6m

GitHub Security Advisory

⚠ Unreviewed MODERATE Has CVE

Advisory Details

The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.1. This is due to missing nonce validation on the wpdmpp_async_request() function. This makes it possible for unauthenticated attackers to perform actions such as initiating refunds via a forged request granted they can trick a site administrator or shop manager into performing an action such as clicking on a link.

Related CVEs

Key Information

GHSA ID
GHSA-5cxp-2w3f-wh6m
Published
September 25, 2024 3:30 AM
Last Modified
September 25, 2024 6:31 PM
CVSS Score
5.0 /10
Primary Ecosystem
Unknown
Primary Package
Unknown
GitHub Reviewed
✗ No

Dataset

Last updated: July 9, 2025 6:27 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.