CVE-2015-9506

The Easy Digital Downloads (EDD) Amazon S3 extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.

View Full Alert

Related Posts

  • CVE-2015-6960

    edx-platform before 2015-09-17 allows XSS via a team name. View Full Alert

  • CVE-2015-9297

    The events-manager plugin before 5.6 for WordPress has XSS. View Full Alert

  • CVE-2015-9295

    The contact-form-plugin plugin before 3.96 for WordPress has XSS. View Full Alert