First published: Wed Oct 23 2019
The Easy Digital Downloads (EDD) Amazon S3 extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sandhillsdev Easy Digital Downloads | >=1.8 <1.8.7 | |
Sandhillsdev Easy Digital Downloads | >=1.9 <1.9.10 | |
Sandhillsdev Easy Digital Downloads | >=2.0 <2.0.5 | |
Sandhillsdev Easy Digital Downloads | >=2.1 <2.1.11 | |
Sandhillsdev Easy Digital Downloads | >=2.2 <2.2.9 | |
Sandhillsdev Easy Digital Downloads | >=2.3 <2.3.7 | |
Easydigitaldownloads Amazon S3 | | |
CVE-2015-9506 is a vulnerability in the Easy Digital Downloads (EDD) Amazon S3 extension for WordPress.
CVE-2015-9506 has a severity keyword of 'medium' and a severity value of 6.1.
Versions 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7 of the Easy Digital Downloads (EDD) Amazon S3 extension for WordPress are affected by CVE-2015-9506.
CVE-2015-9506 is an XSS vulnerability caused by misuse of the add_query_arg function.
To fix CVE-2015-9506, update the Easy Digital Downloads (EDD) Amazon S3 extension for WordPress to version 1.8.7, 1.9.10, 2.0.5, 2.1.11, 2.2.9, or 2.3.7.
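WordPress does not escape the return value of add_query_arg() or remove_query_arg(), and when no URL is passed they build on the current request URI, so the result has to go through esc_url() or esc_url_raw() before it is printed or used in a redirect. The following audit helper is an added example, not code from this page or from the EDD project: it flags calls that are not directly nested inside one of those escapers. The PHP sample is constructed, and the check is a heuristic (a URL assigned to a variable and escaped later is still reported for manual review).

```python
import re

BUILDERS = {"add_query_arg", "remove_query_arg"}   # return values are not escaped
ESCAPERS = {"esc_url", "esc_url_raw"}              # WordPress URL escapers

# Comments and string literals are matched first so that parentheses and
# function names inside them are skipped. Group 1: a call name, group 2: a paren.
TOKEN = re.compile(
    r"""//[^\n]*|#[^\n]*|/\*.*?\*/|'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|([A-Za-z_]\w*)\s*\(|([()])""",
    re.S,
)

def unescaped_url_builders(php_source):
    """Return (line, function) for each builder call not nested in an escaper."""
    findings, stack = [], []            # stack holds the names of enclosing calls
    for m in TOKEN.finditer(php_source):
        name, paren = m.group(1), m.group(2)
        if name:
            if name in BUILDERS and not ESCAPERS.intersection(stack):
                line = php_source.count("\n", 0, m.start()) + 1
                findings.append((line, name))
            stack.append(name)
        elif paren == "(":
            stack.append("")            # grouping parenthesis, not a call
        elif paren == ")" and stack:
            stack.pop()
    return findings

# Constructed sample input; assumes the file is pure PHP (no inline HTML).
SAMPLE = r"""<?php
// Constructed sample, not code from the EDD extension.
echo '<a href="' . add_query_arg( 'view', 'files' ) . '">View</a>';
echo '<a href="' . esc_url( add_query_arg( 'view', 'files' ) ) . '">View</a>';
wp_redirect( remove_query_arg( 'msg' ) );
wp_redirect( esc_url_raw( remove_query_arg( 'msg' ) ) );
"""

if __name__ == "__main__":
    for line, func in unescaped_url_builders(SAMPLE):
        print(f"line {line}: {func}() output is not wrapped in esc_url()/esc_url_raw()")
```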