CVE-2015-9511

Name of the Vulnerable Software and Affected Versions Easy Digital Downloads (EDD) versions 1.8.x through 1.8.6 Easy Digital Downloads (EDD) versions 1.9.x through 1.9.9 Easy Digital Downloads (EDD) versions 2.0.x through 2.0.4 Easy Digital Downloads (EDD) versions 2.1.x through 2.1.10 Easy Digital Downloads (EDD) versions 2.2.x through 2.2.8 Easy Digital Downloads (EDD) versions 2.3.x through 2.3.6

Description The Easy Digital Downloads (EDD) Conditional Success Redirects extension for WordPress has a cross-site scripting (XSS) issue due to the misuse of the add query arg function.

Recommendations For versions 1.8.x through 1.8.6, update to version 1.8.7 or later. For versions 1.9.x through 1.9.9, update to version 1.9.10 or later. For versions 2.0.x through 2.0.4, update to version 2.0.5 or later. For versions 2.1.x through 2.1.10, update to version 2.1.11 or later. For versions 2.2.x through 2.2.8, update to version 2.2.9 or later. For versions 2.3.x through 2.3.6, update to version 2.3.7 or later.