First published: Wed Oct 23 2019
The Easy Digital Downloads (EDD) QR Code extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sandhillsdev Easy Digital Downloads | >=1.8, <1.8.7 | |
Sandhillsdev Easy Digital Downloads | >=1.9, <1.9.10 | |
Sandhillsdev Easy Digital Downloads | >=2.0, <2.0.5 | |
Sandhillsdev Easy Digital Downloads | >=2.1, <2.1.11 | |
Sandhillsdev Easy Digital Downloads | >=2.2, <2.2.9 | |
Sandhillsdev Easy Digital Downloads | >=2.3, <2.3.7 | |
Easydigitaldownloads Qr Code | | |
CVE-2015-9522 is a vulnerability in the Easy Digital Downloads (EDD) QR Code extension for WordPress, which allows for XSS attacks.
The severity of CVE-2015-9522 is medium with a CVSS score of 6.1.
Easy Digital Downloads (EDD) versions 1.8.x, 1.9.x, 2.0.x, 2.1.x, 2.2.x, and 2.3.x are affected by CVE-2015-9522.
To fix CVE-2015-9522, update Easy Digital Downloads (EDD) to version 1.8.7, 1.9.10, 2.0.5, 2.1.11, 2.2.9, or 2.3.7.
You can find more information about CVE-2015-9522 at the following link: [Security Fix Released](https://web.archive.org/web/20160921003517/https://easydigitaldownloads.com/blog/security-fix-released/)