First published: Wed Oct 23 2019(Updated: )
The Easy Digital Downloads (EDD) Stripe extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sandhillsdev Easy Digital Downloads | >=1.8<1.8.7 | |
Sandhillsdev Easy Digital Downloads | >=1.9<1.9.10 | |
Sandhillsdev Easy Digital Downloads | >=2.0<2.0.5 | |
Sandhillsdev Easy Digital Downloads | >=2.1<2.1.11 | |
Sandhillsdev Easy Digital Downloads | >=2.2<2.2.9 | |
Sandhillsdev Easy Digital Downloads | >=2.3<2.3.7 | |
Easydigitaldownloads Stripe |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this issue is CVE-2015-9529.
The severity of CVE-2015-9529 is medium.
The Easy Digital Downloads Stripe extension for WordPress versions 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7 are affected by CVE-2015-9529.
CVE-2015-9529 is a vulnerability in the Easy Digital Downloads Stripe extension for WordPress, which allows for cross-site scripting (XSS) attacks due to misuse of the add_query_arg function.
To fix the vulnerability, update the Easy Digital Downloads Stripe extension to version 1.8.7, 1.9.10, 2.0.5, 2.1.11, 2.2.9, or 2.3.7.