First published: Wed Oct 23 2019
The Easy Digital Downloads (EDD) PDF Invoices extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sandhillsdev Easy Digital Downloads | >=1.8, <1.8.7 | |
Sandhillsdev Easy Digital Downloads | >=1.9, <1.9.10 | |
Sandhillsdev Easy Digital Downloads | >=2.0, <2.0.5 | |
Sandhillsdev Easy Digital Downloads | >=2.1, <2.1.11 | |
Sandhillsdev Easy Digital Downloads | >=2.2, <2.2.9 | |
Sandhillsdev Easy Digital Downloads | >=2.3, <2.3.7 | |
Easydigitaldownloads Pdf Invoices | | |
CVE-2015-9518 is an XSS (Cross-Site Scripting) vulnerability caused by the misuse of add_query_arg in the Easy Digital Downloads (EDD) PDF Invoices extension for WordPress.
The severity of CVE-2015-9518 is rated as medium with a CVSS score of 6.1.
To mitigate the risk of CVE-2015-9518, users should update the Easy Digital Downloads (EDD) PDF Invoices extension for WordPress to version 1.8.7, 1.9.10, 2.0.5, 2.1.11, 2.2.9, or 2.3.7, depending on which affected version is in use.