First published: Wed Oct 23 2019(Updated: )
The Easy Digital Downloads (EDD) Free Downloads extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sandhillsdev Easy Digital Downloads | >=1.8<1.8.7 | |
Sandhillsdev Easy Digital Downloads | >=1.9<1.9.10 | |
Sandhillsdev Easy Digital Downloads | >=2.0<2.0.5 | |
Sandhillsdev Easy Digital Downloads | >=2.1<2.1.11 | |
Sandhillsdev Easy Digital Downloads | >=2.2<2.2.9 | |
Sandhillsdev Easy Digital Downloads | >=2.3<2.3.7 | |
Easydigitaldownloads Free Downloads |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2015-9514 is a vulnerability in the Easy Digital Downloads (EDD) Free Downloads extension for WordPress.
CVE-2015-9514 affects EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7.
CVE-2015-9514 has a severity rating of 6.1 (Medium).
The CWE ID for CVE-2015-9514 is CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')).
To fix CVE-2015-9514, upgrade to EDD versions 1.8.7, 1.9.10, 2.0.5, 2.1.11, 2.2.9, or 2.3.7.