First published: Wed Oct 23 2019(Updated: )
The Easy Digital Downloads (EDD) Recount Earnings extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sandhillsdev Easy Digital Downloads | >=1.8<1.8.7 | |
Sandhillsdev Easy Digital Downloads | >=1.9<1.9.10 | |
Sandhillsdev Easy Digital Downloads | >=2.0<2.0.5 | |
Sandhillsdev Easy Digital Downloads | >=2.1<2.1.11 | |
Sandhillsdev Easy Digital Downloads | >=2.2<2.2.9 | |
Sandhillsdev Easy Digital Downloads | >=2.3<2.3.7 | |
Easydigitaldownloads Recount Earnings |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2015-9524 is a vulnerability in the Easy Digital Downloads (EDD) Recount Earnings extension for WordPress.
CVE-2015-9524 has a severity rating of 6.1, which is considered medium.
CVE-2015-9524 affects Easy Digital Downloads versions 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7.
XSS stands for Cross-Site Scripting, which is a type of vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.
To fix CVE-2015-9524, you should update Easy Digital Downloads to version 1.8.7, 1.9.10, 2.0.5, 2.1.11, 2.2.9, or 2.3.7.