CVE-2015-9506

Name of the Vulnerable Software and Affected Versions Easy Digital Downloads (EDD) Amazon S3 extension for WordPress versions 1.8.x through 1.8.6 Easy Digital Downloads (EDD) Amazon S3 extension for WordPress versions 1.9.x through 1.9.9 Easy Digital Downloads (EDD) Amazon S3 extension for WordPress versions 2.0.x through 2.0.4 Easy Digital Downloads (EDD) Amazon S3 extension for WordPress versions 2.1.x through 2.1.10 Easy Digital Downloads (EDD) Amazon S3 extension for WordPress versions 2.2.x through 2.2.8 Easy Digital Downloads (EDD) Amazon S3 extension for WordPress versions 2.3.x through 2.3.6

Description The issue is related to a misuse of the add query arg function, leading to a cross-site scripting (XSS) problem. This affects the Easy Digital Downloads (EDD) Amazon S3 extension for WordPress when used with specific versions of EDD.

Recommendations For versions 1.8.x through 1.8.6, update to version 1.8.7 or later. For versions 1.9.x through 1.9.9, update to version 1.9.10 or later. For versions 2.0.x through 2.0.4, update to version 2.0.5 or later. For versions 2.1.x through 2.1.10, update to version 2.1.11 or later. For versions 2.2.x through 2.2.8, update to version 2.2.9 or later. For versions 2.3.x through 2.3.6, update to version 2.3.7 or later.