PT-2019-7479 · WordPress · Easy Digital Downloads (Edd) Per Product Emails Extension

Publicado

2019-10-23

·

Atualizado

2021-10-26

·

CVE-2015-9520

CVSS v2.0

4.3

Média

VetorAV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions Easy Digital Downloads (EDD) Per Product Emails extension for WordPress versions 1.8.x through 1.8.6 Easy Digital Downloads (EDD) Per Product Emails extension for WordPress versions 1.9.x through 1.9.9 Easy Digital Downloads (EDD) Per Product Emails extension for WordPress versions 2.0.x through 2.0.4 Easy Digital Downloads (EDD) Per Product Emails extension for WordPress versions 2.1.x through 2.1.10 Easy Digital Downloads (EDD) Per Product Emails extension for WordPress versions 2.2.x through 2.2.8 Easy Digital Downloads (EDD) Per Product Emails extension for WordPress versions 2.3.x through 2.3.6
Description The issue is related to a misuse of the add query arg function, which leads to a cross-site scripting (XSS) problem.
Recommendations For versions 1.8.x, update to version 1.8.7 or later. For versions 1.9.x, update to version 1.9.10 or later. For versions 2.0.x, update to version 2.0.5 or later. For versions 2.1.x, update to version 2.1.11 or later. For versions 2.2.x, update to version 2.2.9 or later. For versions 2.3.x, update to version 2.3.7 or later.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2015-9520

Produtos afetados

Easy Digital Downloads (Edd) Per Product Emails Extension