PT-2019-7469 · WordPress · Easy Digital Downloads (Edd) Cross-Sell Upsell Extension

Publicado

2019-10-23

·

Atualizado

2021-10-26

·

CVE-2015-9510

CVSS v2.0

4.3

Média

VetorAV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordPress versions 1.8.x through 1.8.6 Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordPress versions 1.9.x through 1.9.9 Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordPress versions 2.0.x through 2.0.4 Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordPress versions 2.1.x through 2.1.10 Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordPress versions 2.2.x through 2.2.8 Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordPress versions 2.3.x through 2.3.6
Description The issue is related to a Cross-Site Scripting (XSS) problem due to the misuse of the add query arg function. This affects the Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordPress.
Recommendations For versions 1.8.x through 1.8.6, update to version 1.8.7 or later. For versions 1.9.x through 1.9.9, update to version 1.9.10 or later. For versions 2.0.x through 2.0.4, update to version 2.0.5 or later. For versions 2.1.x through 2.1.10, update to version 2.1.11 or later. For versions 2.2.x through 2.2.8, update to version 2.2.9 or later. For versions 2.3.x through 2.3.6, update to version 2.3.7 or later.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2015-9510

Produtos afetados

Easy Digital Downloads (Edd) Cross-Sell Upsell Extension