First published: Wed Oct 23 2019
The Easy Digital Downloads (EDD) Commissions extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sandhillsdev Easy Digital Downloads | >=1.8 <1.8.7 | |
Sandhillsdev Easy Digital Downloads | >=1.9 <1.9.10 | |
Sandhillsdev Easy Digital Downloads | >=2.0 <2.0.5 | |
Sandhillsdev Easy Digital Downloads | >=2.1 <2.1.11 | |
Sandhillsdev Easy Digital Downloads | >=2.2 <2.2.9 | |
Sandhillsdev Easy Digital Downloads | >=2.3 <2.3.7 | |
Easydigitaldownloads Commissions | | |
The vulnerability ID for this vulnerability is CVE-2015-9508.
The severity of CVE-2015-9508 is medium with a severity value of 6.1.
The affected software for CVE-2015-9508 is Easy Digital Downloads (EDD) Commissions extension for WordPress.
This vulnerability can be exploited through XSS (Cross-Site Scripting) attacks.
A security fix has been released. Please refer to the reference link for more information.
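WordPress documents that the return value of add_query_arg() and remove_query_arg() is not escaped, so the usual form of the misuse named above is printing or redirecting to that value without esc_url() or esc_url_raw(). The audit check below is an added example, not code from EDD or from this advisory; the PHP sample lines and the helper names `enclosing_calls` and `find_unescaped` are constructed for illustration.

```python
import re

# WordPress URL builders whose return value is not escaped.
BUILDER = re.compile(r"\b(?:add|remove)_query_arg\s*\(")
# Wrappers WordPress recommends: esc_url() for output, esc_url_raw() for redirects.
SAFE = {"esc_url", "esc_url_raw"}


def enclosing_calls(line, pos):
    """Names of the calls whose parentheses are still open at index pos."""
    stack, quote, i = [], None, 0
    while i < pos:
        ch = line[i]
        if quote:                      # inside a PHP string literal
            if ch == "\\":
                i += 1                 # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch == "(":
            m = re.search(r"([A-Za-z_]\w*)\s*$", line[:i])
            stack.append(m.group(1) if m else "")
        elif ch == ")" and stack:
            stack.pop()
        i += 1
    return stack


def find_unescaped(source):
    """Return (line number, text) for builder calls not wrapped in an escaper.

    Line-based heuristic: hits are review candidates. A value assigned to a
    variable and escaped on a later line is also reported.
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in BUILDER.finditer(line):
            if not SAFE & set(enclosing_calls(line, m.start())):
                findings.append((lineno, line.strip()))
                break
    return findings


# Constructed sample input, not taken from the plugin's source.
SAMPLE = r'''<?php
echo '<a href="' . add_query_arg( 'view', 'commissions' ) . '">View</a>';
echo '<a href="' . esc_url( add_query_arg( 'view', 'commissions' ) ) . '">View</a>';
wp_redirect( remove_query_arg( 'edd_action' ) );
wp_redirect( esc_url_raw( remove_query_arg( 'edd_action' ) ) );
'''
```

Running `find_unescaped` over a plugin's PHP files gives a list of lines to review by hand before and after upgrading.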