CVE-2025-14783
📋 TL;DR
The Easy Digital Downloads WordPress plugin has an unvalidated redirect vulnerability in all versions up to 3.6.2. Unauthenticated attackers can manipulate the 'edd_redirect' parameter during password reset to redirect users to malicious websites. This affects all WordPress sites using the vulnerable plugin versions.
💻 Affected Systems
- Easy Digital Downloads WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Users could be redirected to phishing sites that steal credentials or install malware, leading to account compromise or system infection.
Likely Case
Attackers create convincing phishing campaigns that redirect users to fake login pages to harvest credentials.
If Mitigated
With proper user awareness training and monitoring, users might recognize suspicious redirects before entering sensitive information.
🎯 Exploit Status
Exploitation requires social engineering to trick users into clicking malicious password reset links. The technical barrier is low once a malicious link is crafted.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.6.3 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3426524/easy-digital-downloads/trunk/includes/users/lost-password.php
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find Easy Digital Downloads and click 'Update Now'.
4. Verify the plugin version is 3.6.3 or higher.
🔧 Temporary Workarounds
Disable password reset redirects
Modify the plugin code to remove or hardcode the redirect functionality in the password reset flow.
Edit includes/users/lost-password.php around line 187 to remove the edd_redirect parameter handling.
Web Application Firewall rule
Block requests containing suspicious redirect URLs in the edd_redirect parameter.
Add WAF rule: Block if the request parameter 'edd_redirect' contains 'http://' or 'https://' pointing to an external domain.
🧯 If You Can't Patch
- Temporarily disable the Easy Digital Downloads plugin if not critically needed
- Implement strict monitoring for requests containing 'edd_redirect' parameter with external URLs
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin > Plugins > Easy Digital Downloads. If version is 3.6.2 or lower, you are vulnerable.
Check Version:
wp plugin list --name=easy-digital-downloads --field=version
Verify Fix Applied:
After updating, verify the plugin version is 3.6.3 or higher. Test password reset functionality to ensure redirects only go to allowed domains.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing 'edd_redirect' parameter with external domains in access logs
- Multiple failed password reset attempts from the same IP address
Network Indicators:
- Outbound redirects to unfamiliar domains following password reset requests
SIEM Query:
source="web_access_logs" edd_redirect=*http* AND NOT edd_redirect=*yourdomain.com*
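The WAF rule and the SIEM query above both reduce to one check: does the edd_redirect value point off-site? The following script is an added example, not code from the page, from the plugin, or from the vendor; it implements that check over access-log lines and goes slightly beyond the query above by also catching protocol-relative (//host), userinfo (site@attacker) and backslash variants that a plain 'http' substring match misses. The hostnames in ALLOWED_HOSTS, the combined-log-format lines in SAMPLE_LOG and the function names are constructed for illustration; substitute your own site hosts and log source.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: these are the site's own hostnames; replace with your own.
ALLOWED_HOSTS = {"shop.example", "www.shop.example"}

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Jan/2025:10:01:02 +0000] "GET /?edd_action=lost_password&edd_redirect=%2Fcheckout%2F HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Jan/2025:10:01:05 +0000] "GET /?edd_action=lost_password&edd_redirect=https%3A%2F%2Flogin.attacker.example%2Fwp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Jan/2025:10:02:11 +0000] "GET /?edd_action=lost_password&edd_redirect=https%3A%2F%2Fwww.shop.example%2Faccount%2F HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.8 - - [12/Jan/2025:10:02:40 +0000] "GET /?edd_action=lost_password&edd_redirect=%2F%2Fattacker.example%2F HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.8 - - [12/Jan/2025:10:02:41 +0000] "GET /?edd_action=lost_password&edd_redirect=https%3A%2F%2Fshop.example%40attacker.example%2F HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.3 - - [12/Jan/2025:10:03:00 +0000] "GET /downloads/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Minimal combined-log-format parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def classify_redirect(value: str, allowed_hosts=ALLOWED_HOSTS) -> str:
    """Classify an edd_redirect value as 'relative', 'same-site', 'external' or 'bad-scheme'."""
    v = unquote(value).strip()     # parse_qs decoded once already; this handles double encoding
    v = v.replace("\\", "/")       # browsers treat a backslash like a slash, so "/\host" == "//host"
    parts = urlsplit(v)
    scheme = parts.scheme.lower()
    if scheme and scheme not in ("http", "https"):
        return "bad-scheme"        # javascript:, data: and similar are never a legitimate target
    if parts.netloc:
        # hostname strips userinfo and port, so "site@attacker" resolves to the real host
        host = (parts.hostname or "").lower()
        return "same-site" if host in allowed_hosts else "external"
    return "relative"              # no host component at all: the redirect stays on this site


def scan_access_log(text: str, allowed_hosts=ALLOWED_HOSTS):
    """Return one finding per request whose edd_redirect points off-site."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        query = urlsplit(m["target"]).query
        for raw in parse_qs(query).get("edd_redirect", []):
            verdict = classify_redirect(raw, allowed_hosts)
            if verdict in ("external", "bad-scheme"):
                findings.append({"ip": m["ip"], "time": m["ts"],
                                 "redirect": unquote(raw), "verdict": verdict})
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} {f['verdict']}: {f['redirect']}")
```

Run it against a real log by replacing SAMPLE_LOG with the file contents; the same classify_redirect logic can also be lifted into a WAF rule, where the important design point is comparing the parsed hostname against an allow-list rather than searching the raw string for 'http'.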
🔗 References
- https://plugins.trac.wordpress.org/browser/easy-digital-downloads/trunk/includes/blocks/views/forms/lost-password.php#L24
- https://plugins.trac.wordpress.org/browser/easy-digital-downloads/trunk/includes/users/lost-password.php#L187
- https://plugins.trac.wordpress.org/changeset/3426524/easy-digital-downloads/trunk/includes/users/lost-password.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/3c0fb43c-f576-412e-a144-4725356ed9a0?source=cve