First published: Wed Oct 23 2019
The Easy Digital Downloads (EDD) Recommended Products extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sandhillsdev Easy Digital Downloads | >=1.8, <1.8.7 | |
Sandhillsdev Easy Digital Downloads | >=1.9, <1.9.10 | |
Sandhillsdev Easy Digital Downloads | >=2.0, <2.0.5 | |
Sandhillsdev Easy Digital Downloads | >=2.1, <2.1.11 | |
Sandhillsdev Easy Digital Downloads | >=2.2, <2.2.9 | |
Sandhillsdev Easy Digital Downloads | >=2.3, <2.3.7 | |
Easydigitaldownloads Recommended Products | | |
CVE-2015-9523 is a vulnerability in the Easy Digital Downloads (EDD) Recommended Products extension for WordPress.
The severity of CVE-2015-9523 is medium with a CVSS score of 6.1.
CVE-2015-9523 affects Easy Digital Downloads versions 1.8.x to 2.3.x.
The XSS vulnerability in CVE-2015-9523 can be exploited through misuse of the add_query_arg function in the EDD Recommended Products extension.
A security fix has been released for CVE-2015-9523. It is recommended to update Easy Digital Downloads to the latest version.
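
A triage aid for the add_query_arg misuse described above, added here as an example and not taken from the advisory or the EDD code base. WordPress's add_query_arg() and remove_query_arg() build on the current request URI when no URL is passed and return it unescaped, so the script flags calls that are not directly wrapped in esc_url() or esc_url_raw(). Covering remove_query_arg goes beyond what this page states, and the PHP sample and the `example_action` name are constructed.

```python
import re

# WordPress helpers that fall back to the request URI and return an unescaped URL.
BUILDERS = re.compile(r"\b(add_query_arg|remove_query_arg)\s*\(")
# WordPress escaping functions expected around the result before output or redirect.
ESCAPERS = {"esc_url", "esc_url_raw"}

def enclosing_calls(line, pos):
    """Names of the function calls whose parentheses are still open at pos."""
    stack = []
    for m in re.finditer(r"([A-Za-z_]\w*)?\s*\(|\)", line[:pos]):
        if m.group(0).endswith("("):
            stack.append(m.group(1) or "")
        elif stack:
            stack.pop()
    return stack

def audit(php_source):
    """Return (line_no, function, text) for builder calls with no escaper around them."""
    findings = []
    for no, line in enumerate(php_source.splitlines(), 1):
        if line.lstrip().startswith(("//", "#", "*")):
            continue  # skip comment lines
        for m in BUILDERS.finditer(line):
            if not ESCAPERS.intersection(enclosing_calls(line, m.start())):
                findings.append((no, m.group(1), line.strip()))
    return findings

# Constructed sample input (not code from the EDD extension).
SAMPLE = r'''<?php
// constructed sample
echo '<a href="' . add_query_arg( 'view', 'recommended' ) . '">More</a>';
echo '<a href="' . esc_url( add_query_arg( 'view', 'recommended' ) ) . '">More</a>';
wp_redirect( remove_query_arg( 'example_action' ) );
wp_redirect( esc_url_raw( remove_query_arg( 'example_action' ) ) );
$next = add_query_arg( array( 'page' => 2 ), $base );
'''

if __name__ == "__main__":
    for no, func, text in audit(SAMPLE):
        print(f"line {no}: {func}() result is not escaped here: {text}")
```

The check is line-based, so a value assigned to a variable and escaped later (sample line 7) is still reported and needs a manual look at where it is output.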