WordPress Plugin Vulnerabilities

Multiple Easy Digital Downloads Plugins - Cross-Site Scripting Issue

Description

Some of the extension were also vulnerable, but could not determine their slug/fixed version, such as the edd-amazon-s3 (fixed in ??)

Affects Plugins

Plugin icon
easy-digital-downloads
Fixed in 2.3.7

References

CVE
CVE-2015-9505
CVE
CVE-2015-9506
CVE
CVE-2015-9507
CVE
CVE-2015-9508
CVE
CVE-2015-9509
CVE
CVE-2015-9510
CVE
CVE-2015-9511
CVE
CVE-2015-9512
CVE
CVE-2015-9513
CVE
CVE-2015-9514
CVE
CVE-2015-9515
CVE
CVE-2015-9516
CVE
CVE-2015-9517
CVE
CVE-2015-9518
CVE
CVE-2015-9519
CVE
CVE-2015-9520
CVE
CVE-2015-9521
CVE
CVE-2015-9522
CVE
CVE-2015-9523
CVE
CVE-2015-9524
CVE
CVE-2015-9525
CVE
CVE-2015-9526
CVE
CVE-2015-9527
CVE
CVE-2015-9528
CVE
CVE-2015-9529
CVE
CVE-2015-9530
CVE
CVE-2015-9531
URL
https://web.archive.org/web/20160921003517/https://easydigitaldownloads.com/blog/security-fix-released/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Verified
No
WPVDB ID
4a9f4527-2d78-4f34-92f0-d19266cc95e2

Timeline

Publicly Published
2015-04-20 (about 11 years ago)
Added
2020-02-10 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-03-24
Title
Custom Product Stickers for Woocommerce <= 1.9.0 - Reflected Cross-Site Scripting
Published
2024-12-11
Title
Check Pincode For Woocommerce < 1.2 - Reflected Cross-Site Scripting
Published
2023-07-04
Title
Mobile Call Now & Map Buttons <= 1.5.0 - Admin+ Stored XSS
Published
2016-10-13
Title
Headway Theme < 3.8.9 - Authenticated Cross-Site Scripting (XSS)
Published
2025-05-07
Title
Ultimate Blocks < 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting