First published: Wed Oct 23 2019
The Easy Digital Downloads (EDD) Invoices extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sandhillsdev Easy Digital Downloads | >=1.8, <1.8.7 | |
Sandhillsdev Easy Digital Downloads | >=1.9, <1.9.10 | |
Sandhillsdev Easy Digital Downloads | >=2.0, <2.0.5 | |
Sandhillsdev Easy Digital Downloads | >=2.1, <2.1.11 | |
Sandhillsdev Easy Digital Downloads | >=2.2, <2.2.9 | |
Sandhillsdev Easy Digital Downloads | >=2.3, <2.3.7 | |
Easydigitaldownloads Invoices | | |
CVE-2015-9516 is a vulnerability in the Easy Digital Downloads (EDD) Invoices extension for WordPress.
CVE-2015-9516 allows for cross-site scripting (XSS) attacks due to misuse of the add_query_arg function.
Versions 1.8.x, 1.9.x, 2.0.x, 2.1.x, 2.2.x, and 2.3.x of Easy Digital Downloads (EDD) are affected when they are older than the fixed release for their branch.
CVE-2015-9516 has a severity rating of 6.1, which is considered medium.
To fix CVE-2015-9516, update the Easy Digital Downloads (EDD) Invoices extension for WordPress to version 1.8.7, 1.9.10, 2.0.5, 2.1.11, 2.2.9, or 2.3.7, depending on your current version.
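The misuse named above is printing the result of `add_query_arg()` (or its sibling `remove_query_arg()`) without escaping: WordPress does not escape the return value of either function, and the documented remedy is to wrap the call in `esc_url()` or `esc_url_raw()`. The following added example, which is not code from Easy Digital Downloads or from this advisory, is a heuristic audit script that flags such calls in PHP source for review; the function names and the sample PHP are constructed for illustration.

```python
import re

# WordPress helpers whose return value is not escaped.
SINK = re.compile(r"\b(?:add|remove)_query_arg\s*\(")
# Wrappers that escape a URL before it is printed or stored.
ESCAPER = re.compile(r"\besc_url(?:_raw)?\s*\(")

def _close_paren(src, open_idx):
    """Index of the ')' matching the '(' at open_idx (end of text if unbalanced)."""
    depth = 0
    for i in range(open_idx, len(src)):
        if src[i] == "(":
            depth += 1
        elif src[i] == ")":
            depth -= 1
            if depth == 0:
                return i
    return len(src)

def unescaped_query_arg_calls(src):
    """Return (line_number, source_line) for each call not nested in an escaper."""
    # Character spans covered by esc_url( ... ) / esc_url_raw( ... ) calls.
    safe = [(m.end(), _close_paren(src, m.end() - 1)) for m in ESCAPER.finditer(src)]
    lines = src.splitlines()
    hits = []
    for m in SINK.finditer(src):
        if not any(start <= m.start() < end for start, end in safe):
            line_no = src.count("\n", 0, m.start()) + 1
            hits.append((line_no, lines[line_no - 1].strip()))
    return hits

# Constructed sample, not taken from Easy Digital Downloads.
SAMPLE = """<?php
echo '<a href="' . add_query_arg( 'invoice', $id ) . '">View</a>';
echo '<a href="' . esc_url( add_query_arg( 'invoice', $id ) ) . '">View</a>';
printf( '<form action="%s">', remove_query_arg( 'msg' ) );
$url = esc_url_raw(
    add_query_arg( array( 'page' => 'invoices' ), admin_url( 'index.php' ) )
);
"""

if __name__ == "__main__":
    for line_no, text in unescaped_query_arg_calls(SAMPLE):
        print(f"line {line_no}: {text}")
```

The parenthesis matching ignores PHP string and comment syntax, and a call whose result is escaped on a later line is still reported, so treat each hit as a candidate for manual review.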