CVE-2015-9519

Name of the Vulnerable Software and Affected Versions Easy Digital Downloads (EDD) PDF Stamper extension for WordPress versions 1.8.x through 1.8.6 Easy Digital Downloads (EDD) PDF Stamper extension for WordPress versions 1.9.x through 1.9.9 Easy Digital Downloads (EDD) PDF Stamper extension for WordPress versions 2.0.x through 2.0.4 Easy Digital Downloads (EDD) PDF Stamper extension for WordPress versions 2.1.x through 2.1.10 Easy Digital Downloads (EDD) PDF Stamper extension for WordPress versions 2.2.x through 2.2.8 Easy Digital Downloads (EDD) PDF Stamper extension for WordPress versions 2.3.x through 2.3.6

Description The issue is related to a misuse of the add query arg function, which leads to a cross-site scripting (XSS) problem.

Recommendations For versions 1.8.x, update to version 1.8.7 or later. For versions 1.9.x, update to version 1.9.10 or later. For versions 2.0.x, update to version 2.0.5 or later. For versions 2.1.x, update to version 2.1.11 or later. For versions 2.2.x, update to version 2.2.9 or later. For versions 2.3.x, update to version 2.3.7 or later.