
Crucial Security Flaw Discovered and Fixed


Last night a crucial security flaw was discovered in the checkout process of Easy Digital Downloads and fixed immediately. Version 1.4.4.2 was pushed out and takes care of the issue. Please update immediately if you are running any version earlier than 1.4.4.2.

Due to the nature of the flaw, we cannot go into detail about exactly what the flaw was or how it could be exploited, but it had to do with user accounts and it was severe. The flaw permitted an experienced user who knew exactly what they were doing (and knew how to exploit the issue) to potentially gain admin access to sites running specific versions of EDD with specific configurations.

EDD versions affected: 1.4.2 – 1.4.4.1.

Version 1.4.4.2 fixes the problem.

The flaw was discovered by Adam of Mint Themes, who, thankfully, reported it immediately, allowing us to send out a patch within 30 minutes of the discovery.

Pippin Williamson


2 comments

  1. Pippin Williamson

    Thanks for the recent updates Pippin.

    I have discovered a couple of bugs that have been getting me very frustrated. Where is the best place to report them?
