First published: Wed Oct 23 2019
The Easy Digital Downloads (EDD) CSV Manager extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sandhillsdev Easy Digital Downloads | >=1.8, <1.8.7 | |
Sandhillsdev Easy Digital Downloads | >=1.9, <1.9.10 | |
Sandhillsdev Easy Digital Downloads | >=2.0, <2.0.5 | |
Sandhillsdev Easy Digital Downloads | >=2.1, <2.1.11 | |
Sandhillsdev Easy Digital Downloads | >=2.2, <2.2.9 | |
Sandhillsdev Easy Digital Downloads | >=2.3, <2.3.7 | |
Easydigitaldownloads Csv Manager | | |
The vulnerability ID for this issue is CVE-2015-9512.
The severity of CVE-2015-9512 is medium.
The Easy Digital Downloads (EDD) CSV Manager extension for WordPress, versions 1.8.x through 2.3.x, is affected by CVE-2015-9512.
To fix CVE-2015-9512, update the Easy Digital Downloads (EDD) CSV Manager extension for WordPress to version 2.3.7 or later.
You can find more information about CVE-2015-9512 at this link: [https://web.archive.org/web/20160921003517/https://easydigitaldownloads.com/blog/security-fix-released/](https://web.archive.org/web/20160921003517/https://easydigitaldownloads.com/blog/security-fix-released/)