First published: Wed Oct 23 2019
The Easy Digital Downloads (EDD) Upload File extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sandhillsdev Easy Digital Downloads | >=1.8<1.8.7 | |
Sandhillsdev Easy Digital Downloads | >=1.9<1.9.10 | |
Sandhillsdev Easy Digital Downloads | >=2.0<2.0.5 | |
Sandhillsdev Easy Digital Downloads | >=2.1<2.1.11 | |
Sandhillsdev Easy Digital Downloads | >=2.2<2.2.9 | |
Sandhillsdev Easy Digital Downloads | >=2.3<2.3.7 | |
Easydigitaldownloads Upload File | | |
CVE-2015-9530 is a vulnerability in the Easy Digital Downloads (EDD) Upload File extension for WordPress.
CVE-2015-9530 affects Easy Digital Downloads versions 1.8.x, 1.9.x, 2.0.x, 2.1.x, 2.2.x, and 2.3.x.
The severity of CVE-2015-9530 is medium, with a CVSS score of 6.1.
To fix CVE-2015-9530, you should update Easy Digital Downloads to version 1.8.7 or later, 1.9.10 or later, 2.0.5 or later, 2.1.11 or later, 2.2.9 or later, or 2.3.7 or later.
CVE-2015-9530 is in CWE category 79, which is cross-site scripting (XSS).
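The general pattern behind "add_query_arg is misused", as an added example that is not the extension's own code: WordPress documents that `add_query_arg()` does not escape its return value and builds on the current request URI when no URL is passed, so the result must be escaped at output. The plugin header, function names, shortcode names and the `edd_demo_tab` parameter are hypothetical.

```php
<?php
/**
 * Plugin Name: add_query_arg escaping demo (hypothetical)
 *
 * Illustrative only: names below are made up for this example and are
 * not taken from Easy Digital Downloads or the Upload File extension.
 */

// Vulnerable pattern: with no URL argument, add_query_arg() starts from
// $_SERVER['REQUEST_URI'], and its return value is not escaped. Placing
// it directly into an attribute lets request-controlled text reach the
// generated markup (CWE-79).
function demo_tab_link_unsafe() {
    $url = add_query_arg( 'edd_demo_tab', 'files' );
    return '<a href="' . $url . '">Files</a>';
}
add_shortcode( 'demo_tab_unsafe', 'demo_tab_link_unsafe' );

// Hardened pattern: pass an explicit base URL so the link does not depend
// on the raw request URI, then late-escape with esc_url() at the point of
// output. The escaping is the actual fix; the explicit base is defence in
// depth (get_permalink() can return false, in which case add_query_arg()
// falls back to the request URI and esc_url() still applies).
function demo_tab_link_safe() {
    $url = add_query_arg( 'edd_demo_tab', 'files', get_permalink() );
    return '<a href="' . esc_url( $url ) . '">'
        . esc_html__( 'Files', 'demo' ) . '</a>';
}
add_shortcode( 'demo_tab_safe', 'demo_tab_link_safe' );
```

When auditing a plugin for this class of bug, search for `add_query_arg(` and `remove_query_arg(` calls whose result reaches output without `esc_url()` (or `esc_url_raw()` for redirects and storage).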