Easy Digital Downloads <= 2.9.15 – Stored XSS | CVE 2019-15116

Affects Plugins

easy-digital-downloads

Fixed in 2.9.16

References

CVE

CVE-2019-15116

URL

https://plugins.trac.wordpress.org/changeset?new=2104403%40easy-digital-downloads&old=2098922%40easy-digital-downloads

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Verified

No

WPVDB ID

a21ee565-8d66-444b-be34-ccd6d2fb0ba5

Timeline

Publicly Published

2019-06-12 (about 6 years ago)

Added

2019-06-12 (about 6 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2022-08-29

Title

Visual Composer Website Builder < 45.0.1 - Authenticated Stored XSS via Text Block

Published

2024-06-22

Title

WP eMember < 10.6.6 - Stored XSS in Blacklist via CSRF

Published

2026-05-05

Title

LatePoint < 5.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Customer Cabinet Profile Update

Published

2026-05-05

Title

LatePoint < 5.5.1 - Unauthenticated Stored Cross-Site Scripting via 'booking_form_page_url' Parameter

Published

2022-06-02

Title

Ultimate WooCommerce CSV Importer <= 2.0 - Reflected Cross-Site Scripting