First published: Wed Oct 23 2019
The Easy Digital Downloads (EDD) Twenty-Twelve theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sandhillsdev Easy Digital Downloads | >=1.8, <1.8.7 | |
Sandhillsdev Easy Digital Downloads | >=1.9, <1.9.10 | |
Sandhillsdev Easy Digital Downloads | >=2.0, <2.0.5 | |
Sandhillsdev Easy Digital Downloads | >=2.1, <2.1.11 | |
Sandhillsdev Easy Digital Downloads | >=2.2, <2.2.9 | |
Sandhillsdev Easy Digital Downloads | >=2.3, <2.3.7 | |
Easydigitaldownloads Twenty-twelve | | |
CVE-2015-9536 is a cross-site scripting (XSS) vulnerability in the Easy Digital Downloads (EDD) Twenty-Twelve theme for WordPress.
CVE-2015-9536 has a severity rating of 6.1 (medium).
CVE-2015-9536 affects Easy Digital Downloads (EDD) versions 1.8.x to 2.3.x.
CVE-2015-9536 allows an attacker to perform cross-site scripting (XSS) attacks due to misuse of the add_query_arg function.
Yes, a security fix for CVE-2015-9536 has been released. It is recommended to update to the latest version of Easy Digital Downloads (EDD) to mitigate this vulnerability.
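One way to audit a theme or plugin for the misuse named above, as an added example that is not part of this advisory or of EDD's code. WordPress documents that add_query_arg() and remove_query_arg() return an unescaped URL (built from the current request URI when no URL is passed), so the result should go through esc_url() before output or esc_url_raw() before a redirect. The script assumes that missing escaping is the misuse in question; the function name `audit` and the PHP sample lines are constructed for illustration.

```python
import re

# WordPress helpers whose return value is NOT escaped; with no URL argument
# they build the URL from the current request URI.
SINK = re.compile(r"\b(?:add|remove)_query_arg\s*\(")
ESC = r"\besc_url(?:_raw)?\s*\(\s*"          # esc_url() for output, esc_url_raw() for redirects
WRAPPED = re.compile(ESC + r"$")              # escaper immediately encloses the call
ASSIGN = re.compile(r"(\$\w+)\s*=\s*$")       # result stored in a variable
OUTPUT = re.compile(r"\b(?:echo|print|printf|wp_redirect)\b|<\?=")

def audit(php_source):
    """Return [(line_no, reason)] for query-arg URLs that reach output unescaped.

    Line-based heuristic: one call per line, no multi-line statements, so
    treat hits as review candidates rather than proof.
    """
    findings, tainted = [], set()
    for no, line in enumerate(php_source.splitlines(), 1):
        call = SINK.search(line)
        if call:
            before = line[:call.start()]
            if WRAPPED.search(before):
                continue                       # esc_url( add_query_arg( ... ) )
            stored = ASSIGN.search(before)
            if stored:
                tainted.add(stored.group(1))   # follow the variable to its use
            else:
                findings.append((no, "unescaped call"))
            continue
        if OUTPUT.search(line):
            for var in sorted(tainted):
                name = re.escape(var) + r"\b"
                if re.search(name, line) and not re.search(ESC + name, line):
                    findings.append((no, "unescaped " + var))
    return findings

# Constructed template lines for illustration; not taken from EDD or its theme.
SAMPLE = r"""<?php
// pagination and sort links
$next = add_query_arg( 'page', $paged + 1 );
echo '<a href="' . $next . '">Next</a>';
echo '<a href="' . esc_url( $next ) . '">Next</a>';
echo '<a href="' . add_query_arg( 'sort', 'price' ) . '">Price</a>';
echo '<a href="' . esc_url( add_query_arg( 'sort', 'price' ) ) . '">Price</a>';
wp_redirect( esc_url_raw( remove_query_arg( 'msg' ) ) );
"""

if __name__ == "__main__":
    for no, reason in audit(SAMPLE):
        print(f"line {no}: {reason}")
```

Lines 4 and 6 of the sample are reported; the escaped forms on lines 5, 7 and 8 are the corrected pattern.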