Multiple Easy Digital Downloads Plugins - Cross-Site Scripting Issue



Description
Some of the extension were also vulnerable, but could not determine their slug/fixed version, such as the edd-amazon-s3 (fixed in ??)

Affects Plugin

References

CVE 2015-9505
CVE 2015-9506
CVE 2015-9507
CVE 2015-9508
CVE 2015-9509
CVE 2015-9510
CVE 2015-9511
CVE 2015-9512
CVE 2015-9513
CVE 2015-9514
CVE 2015-9515
CVE 2015-9516
CVE 2015-9517
CVE 2015-9518
CVE 2015-9519
CVE 2015-9520
CVE 2015-9521
CVE 2015-9522
CVE 2015-9523
CVE 2015-9524
CVE 2015-9525
CVE 2015-9526
CVE 2015-9527
CVE 2015-9528
CVE 2015-9529
CVE 2015-9530
CVE 2015-9531
URL https://web.archive.org/web/20160921003517/https://easydigitaldownloads.com/blog/security-fix-released/

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Views 687
Verified No
WPVDB ID 10067

Timeline

Publicly Published 2015-04-20 (about 5 years ago)
Added 2020-02-10 (5 months ago)
Last Updated 2020-02-12 (5 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin