First published: Wed Oct 23 2019
The Easy Digital Downloads (EDD) Lattice theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sandhillsdev Easy Digital Downloads | >=1.8, <1.8.7 | |
Sandhillsdev Easy Digital Downloads | >=1.9, <1.9.10 | |
Sandhillsdev Easy Digital Downloads | >=2.0, <2.0.5 | |
Sandhillsdev Easy Digital Downloads | >=2.1, <2.1.11 | |
Sandhillsdev Easy Digital Downloads | >=2.2, <2.2.9 | |
Sandhillsdev Easy Digital Downloads | >=2.3, <2.3.7 | |
Easydigitaldownloads Lattice | | |
CVE-2015-9533 is a vulnerability in the Easy Digital Downloads (EDD) Lattice theme for WordPress.
The severity of CVE-2015-9533 is medium.
CVE-2015-9533 allows for cross-site scripting (XSS) attacks due to the misuse of the add_query_arg function.
The Lattice theme is affected when used with Easy Digital Downloads (EDD) 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7.
To fix CVE-2015-9533, update Easy Digital Downloads (EDD) to version 1.8.7, 1.9.10, 2.0.5, 2.1.11, 2.2.9, or 2.3.7.