The Easy Digital Downloads (EDD) Twenty-Twelve theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
References
Link | Resource |
---|---|
https://web.archive.org/web/20160921003517/https://easydigitaldownloads.com/blog/security-fix-released/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2019-10-23 09:15
Updated : 2021-10-26 09:26
NVD link : CVE-2015-9536
Mitre link : CVE-2015-9536
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
easydigitaldownloads
- twenty-twelve
sandhillsdev
- easy_digital_downloads