First published: Wed Oct 23 2019(Updated: )
The Easy Digital Downloads (EDD) Recurring Payments extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sandhillsdev Easy Digital Downloads | >=1.8<1.8.7 | |
Sandhillsdev Easy Digital Downloads | >=1.9<1.9.10 | |
Sandhillsdev Easy Digital Downloads | >=2.0<2.0.5 | |
Sandhillsdev Easy Digital Downloads | >=2.1<2.1.11 | |
Sandhillsdev Easy Digital Downloads | >=2.2<2.2.9 | |
Sandhillsdev Easy Digital Downloads | >=2.3<2.3.7 | |
Easydigitaldownloads Recurring Payments |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2015-9525 is a vulnerability in the Easy Digital Downloads (EDD) Recurring Payments extension for WordPress.
CVE-2015-9525 affects Easy Digital Downloads versions 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7.
CVE-2015-9525 has a severity score of 6.1 (Medium).
The CWE ID for CVE-2015-9525 is CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')).
To fix CVE-2015-9525, you should upgrade Easy Digital Downloads to version 1.8.7, 1.9.10, 2.0.5, 2.1.11, 2.2.9, or 2.3.7.