Vulnerabilites related to easydigitaldownloads - invoices
Vulnerability from fkie_nvd
Published
2019-10-23 17:15
Modified
2025-02-07 19:44
Severity ?
Summary
The Easy Digital Downloads (EDD) Invoices extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "FF9FEDCE-C0AE-4045-B71B-59D4FCA1F769",
"versionEndExcluding": "1.8.7",
"versionStartIncluding": "1.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "AB250869-BD89-4639-9D18-708032CC3251",
"versionEndExcluding": "1.9.10",
"versionStartIncluding": "1.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "069AA087-DA95-4BD1-973F-B53E0DD8E658",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "4BA7E3D6-4B3F-4C5C-B7B4-B3F716CB4045",
"versionEndExcluding": "2.1.11",
"versionStartIncluding": "2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "449E6BE0-6A82-4FD4-8F48-865B35DCE0FA",
"versionEndExcluding": "2.2.9",
"versionStartIncluding": "2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "0ED07242-1A2A-4F42-ABDD-46642EA07E44",
"versionEndExcluding": "2.3.7",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:easydigitaldownloads:invoices:-:*:*:*:*:easy_digital_downloads:*:*",
"matchCriteriaId": "D1072C39-6A0C-4001-A7FC-2BE835E06667",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Easy Digital Downloads (EDD) Invoices extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused."
},
{
"lang": "es",
"value": "La extensi\u00f3n Invoices de Easy Digital Downloads (EDD) para WordPress, como es usada con EDD versiones 1.8.x anteriores a 1.8.7, versiones 1.9.x anteriores a 1.9.10, versiones 2.0.x anteriores a 2.0.5, versiones 2.1.x anteriores a 2.1.11, versiones 2.2.x anteriores a 2.2.9, y versiones 2.3.x anteriores a 2.3.7, presenta una vulnerabilidad de tipo XSS porque el par\u00e1metro add_query_arg es usado inapropiadamente."
}
],
"id": "CVE-2015-9516",
"lastModified": "2025-02-07T19:44:53.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-23T17:15:11.677",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://web.archive.org/web/20160921003517/https://easydigitaldownloads.com/blog/security-fix-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://web.archive.org/web/20160921003517/https://easydigitaldownloads.com/blog/security-fix-released/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2015-9516 (GCVE-0-2015-9516)
Vulnerability from cvelistv5
Published
2019-10-23 16:08
Modified
2024-08-06 08:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Easy Digital Downloads (EDD) Invoices extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:51:05.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web.archive.org/web/20160921003517/https://easydigitaldownloads.com/blog/security-fix-released/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Easy Digital Downloads (EDD) Invoices extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T16:08:55",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web.archive.org/web/20160921003517/https://easydigitaldownloads.com/blog/security-fix-released/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-9516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Easy Digital Downloads (EDD) Invoices extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web.archive.org/web/20160921003517/https://easydigitaldownloads.com/blog/security-fix-released/",
"refsource": "MISC",
"url": "https://web.archive.org/web/20160921003517/https://easydigitaldownloads.com/blog/security-fix-released/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-9516",
"datePublished": "2019-10-23T16:08:55",
"dateReserved": "2019-10-14T00:00:00",
"dateUpdated": "2024-08-06T08:51:05.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}