First published: Wed Oct 23 2019(Updated: )
The Easy Digital Downloads (EDD) Favorites extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sandhillsdev Easy Digital Downloads | >=1.8<1.8.7 | |
Sandhillsdev Easy Digital Downloads | >=1.9<1.9.10 | |
Sandhillsdev Easy Digital Downloads | >=2.0<2.0.5 | |
Sandhillsdev Easy Digital Downloads | >=2.1<2.1.11 | |
Sandhillsdev Easy Digital Downloads | >=2.2<2.2.9 | |
Sandhillsdev Easy Digital Downloads | >=2.3<2.3.7 | |
Easydigitaldownloads Favorites |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2015-9513 is a vulnerability in the Easy Digital Downloads (EDD) Favorites extension for WordPress.
CVE-2015-9513 affects Easy Digital Downloads versions 1.8.x through 2.3.x.
CVE-2015-9513 has a severity rating of 6.1 (medium).
CVE-2015-9513 is exploited through a cross-site scripting (XSS) vulnerability caused by the misuse of add_query_arg function in Easy Digital Downloads Favorites extension.
To fix CVE-2015-9513, update Easy Digital Downloads Favorites extension to version 2.3.7 or higher.