CVE-2015-9521

The Easy Digital Downloads (EDD) Pushover Notifications extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.

View Full Alert

Related Posts

  • CVE-2015-0270

    Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter. View Full Alert

  • CVE-2015-6960

    edx-platform before 2015-09-17 allows XSS via a team name. View Full Alert

  • CVE-2015-9297

    The events-manager plugin before 5.6 for WordPress has XSS. View Full Alert