CVE-2015-9510

Name of the Vulnerable Software and Affected Versions Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordPress versions 1.8.x through 1.8.6 Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordPress versions 1.9.x through 1.9.9 Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordPress versions 2.0.x through 2.0.4 Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordPress versions 2.1.x through 2.1.10 Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordPress versions 2.2.x through 2.2.8 Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordPress versions 2.3.x through 2.3.6

Description The issue is related to a Cross-Site Scripting (XSS) problem due to the misuse of the add query arg function. This affects the Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordPress.

Recommendations For versions 1.8.x through 1.8.6, update to version 1.8.7 or later. For versions 1.9.x through 1.9.9, update to version 1.9.10 or later. For versions 2.0.x through 2.0.4, update to version 2.0.5 or later. For versions 2.1.x through 2.1.10, update to version 2.1.11 or later. For versions 2.2.x through 2.2.8, update to version 2.2.9 or later. For versions 2.3.x through 2.3.6, update to version 2.3.7 or later.