Login
Get Started

Easy Digital Downloads Blog

WordPress Tutorials, Tips, and Resources to Help Grow Your Business

Crucial Security Flaw Discovered and Fixed

Last Updated:

  • March 7, 2019
Reader Disclosure
author image
By Pippin Williamson
reviewer image
REVIEWED By Chris Klosowski President

Last night a crucial security flaw was discovered in the checkout process of Easy Digital Downloads and fixed immediately. Version 1.4.4.2 was pushed out and takes care of the issue. Please update immediately if you are on less than 1.4.4.2.

Due to the nature of the flaw, we cannot go into detail about exactly what the flaw was or how it could be exploited, but it had to do with user accounts and it was severe. The flaw permitted an experienced user who knew exactly what they were doing (and knew how to exploit the issue) to potentially gain admin access to sites running specific versions of EDD with specific configurations.

EDD versions affected: 1.4.2 – 1.4.4.1.

Version 1.4.4.2 fixes the problem

The flaw was discovered by Adam of Mint Themes, who, thankfully, reported it immediately, allowing us to send out a patch within 30 minutes of the discovery.

Popular Resources

Enable Secure Magic Login Links at Checkout in WordPress
Through Several Rounds of Beta Testing
Out of Beta and Ready for Use!
New Template System in v1.0.3, and Other Improvements
Email News Letter Add-Ons Available

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how EDD is funded, why it matters, and how you can support us.

Pippin Williamson
Pippin Williamson is the founder of Sandhills Development, the parent company for Easy Digital Downloads, AffiliateWP, WP Simple Pay, Sugar Calendar, and others. When not writing PHP, he can often be found sipping coffee or brewing beer at Sandhills Brewing.

Experience Seamless Selling with EDD

Effortlessly manage your digital store with powerful tools and secure transactions

Popular on EDD Right Now!

How to Move From a Marketplace to Your Own WordPress Store
How to Move From a Marketplace to Your Own WordPress Store
Marketplace fees keep rising and platform rules keep changing. But your customers don't have to belong to someone else. Here's…
Enable One-Time Magic Login Links at Checkout in WordPress for Your Returning Customers
Enable Secure Magic Login Links at Checkout in WordPress
Returning customers abandon carts when they can't remember their password. Easy Digital Downloads (EDD) now lets them log in at…

Start selling today!

Join over 50,000 smart store owners, and start using the easiest way to sell digital products with WordPress.

Company

Helpful Links

Copyright © 2025 Sandhills Development, LLC