First published: Wed Oct 23 2019
The Easy Digital Downloads (EDD) Content Restriction extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sandhillsdev Easy Digital Downloads | >=1.8<1.8.7 | |
Sandhillsdev Easy Digital Downloads | >=1.9<1.9.10 | |
Sandhillsdev Easy Digital Downloads | >=2.0<2.0.5 | |
Sandhillsdev Easy Digital Downloads | >=2.1<2.1.11 | |
Sandhillsdev Easy Digital Downloads | >=2.2<2.2.9 | |
Sandhillsdev Easy Digital Downloads | >=2.3<2.3.7 | |
Easydigitaldownloads Content Restriction | | |
CVE-2015-9509 is an XSS vulnerability in the Easy Digital Downloads (EDD) Content Restriction extension for WordPress.
The severity of CVE-2015-9509 is medium, with a CVSS score of 6.1.
Easy Digital Downloads (EDD) versions 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7 are affected by CVE-2015-9509.
CVE-2015-9509 allows cross-site scripting (XSS) attacks because the add_query_arg function is misused.
A security fix has been released for CVE-2015-9509. Updating to the latest version of the Easy Digital Downloads (EDD) Content Restriction extension for WordPress is recommended.
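To illustrate the add_query_arg misuse named above: WordPress documents that add_query_arg() and remove_query_arg() return an unescaped URL, built from the current request URI when no URL is passed, so output must go through esc_url(). The following added example (not code from this page or from the EDD project) is a heuristic Python check that flags such calls in plugin source for review; the names find_unescaped and enclosing_calls and the PHP sample are constructed for illustration.

```python
import re

# WordPress URL helpers whose return value is not escaped.
CALL = re.compile(r"\b(add_query_arg|remove_query_arg)\s*\(")
ESCAPERS = {"esc_url", "esc_url_raw"}

# Constructed sample, not code from the EDD Content Restriction extension.
SAMPLE_PHP = """<?php
// constructed plugin template
echo '<a href="' . add_query_arg( 'edd_action', 'show' ) . '">Show</a>';
echo '<a href="' . esc_url( add_query_arg( 'edd_action', 'show' ) ) . '">Show</a>';
$url = remove_query_arg( array( 'paged', 'tab' ) );
printf( '<form action="%s">', esc_url( remove_query_arg( 'tab' ) ) );
"""


def enclosing_calls(src, pos):
    """Names of calls lexically enclosing src[pos], innermost first.

    Walks back to the start of the PHP statement (previous ';'). Heuristic:
    parentheses or semicolons inside string literals are not parsed.
    """
    names, depth, i = [], 0, pos - 1
    while i >= 0 and src[i] != ";":
        if src[i] == ")":
            depth += 1              # a call that closed before pos: skip it
        elif src[i] == "(":
            if depth:
                depth -= 1
            else:                   # unmatched '(' encloses pos
                m = re.search(r"([A-Za-z_]\w*)\s*$", src[:i])
                if m:
                    names.append(m.group(1))
        i -= 1
    return names


def find_unescaped(src):
    """Return (line, function) for each call not wrapped in esc_url/esc_url_raw."""
    hits = []
    for m in CALL.finditer(src):
        if not ESCAPERS & set(enclosing_calls(src, m.start())):
            hits.append((src.count("\n", 0, m.start()) + 1, m.group(1)))
    return hits


if __name__ == "__main__":
    for line, func in find_unescaped(SAMPLE_PHP):
        print(f"line {line}: {func}() output is not passed through esc_url()")
```

A call assigned to a variable is flagged even if that variable is escaped later, so treat each hit as a candidate for manual review rather than a confirmed finding.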