WordPress Easy Digital Downloads Google Sheet Connector Plugin Cross-Site Request Forgery Vulnerability
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the WordPress Easy Digital Downloads Google Sheet Connector plugin, specifically in versions prior to 1.6.6. The issue arises because the plugin does not implement proper CSRF protection when users update their Access Code. This lack of validation could enable attackers to manipulate logged-in administrators into changing the access code to a value of the attacker's choosing.
Impact
An attacker who exploits the missing CSRF check could change the Access Code without authorization, potentially allowing further actions based on the modified access code.
Remediation
Users can update to Easy Digital Downloads Google Sheet Connector plugin version 1.6.6 or later to address this vulnerability. For those using the edd-google-sheet-connector-pro WordPress plugin, version 1.4 or later is recommended.
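For developers reviewing similar settings handlers, the kind of check described above as missing looks like this in WordPress. This is an added example, not the plugin's own code; every name prefixed with example_ (action, nonce field, option, form field) and the redirect target are assumptions.

```php
<?php
// Added illustration: hypothetical plugin code, not taken from the real plugin.
// All "example_" names (action, nonce field, option, form field) are assumptions.

// Render the settings form with a nonce tied to the current user, session and action.
function example_render_access_code_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save_access_code" />
        <?php wp_nonce_field( 'example_save_access_code', 'example_nonce' ); ?>
        <input type="text" name="example_access_code" />
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// Handle the POST. Without the two checks below, a request sent by the
// administrator's browser from any other site would be accepted, because the
// session cookie alone does not prove the administrator intended the change.
function example_handle_save_access_code() {
    // 1. Capability check: only administrators may change the code.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // 2. CSRF check: stops the request if the nonce is missing, invalid or expired.
    check_admin_referer( 'example_save_access_code', 'example_nonce' );

    // Only after both checks pass is the submitted value read and stored.
    $code = isset( $_POST['example_access_code'] )
        ? sanitize_text_field( wp_unslash( $_POST['example_access_code'] ) )
        : '';
    update_option( 'example_access_code', $code );

    // Redirect target is arbitrary for this example.
    wp_safe_redirect( admin_url( 'options-general.php' ) );
    exit;
}
add_action( 'admin_post_example_save_access_code', 'example_handle_save_access_code' );
```

When auditing a plugin, look for state-changing handlers that read `$_POST` or `$_GET` and call `update_option()` without a preceding `check_admin_referer()` or `wp_verify_nonce()` call.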
