The Easy Digital Downloads (EDD) Recount Earnings extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
References
Link | Resource |
---|---|
https://web.archive.org/web/20160921003517/https://easydigitaldownloads.com/blog/security-fix-released/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
26 Oct 2021, 16:26
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:sandhillsdev:easy_digital_downloads:*:*:*:*:*:wordpress:*:* |
Information
Published : 2019-10-23 17:15
Updated : 2023-12-10 13:13
NVD link : CVE-2015-9524
Mitre link : CVE-2015-9524
CVE.ORG link : CVE-2015-9524
JSON object : View
Products Affected
easydigitaldownloads
- recount_earnings
sandhillsdev
- easy_digital_downloads
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')