The Easy Digital Downloads (EDD) Attach Accounts to Orders extension for WordPress, as used with EDD 1.8.x prior to 1.8.7, 1.9.x prior to 1.9.10, 2.0.x prior to 2.0.5, 2.1.x prior to 2.1.11, 2.2.x prior to 2.2.9, and 2.3.x prior to 2.3.7, has XSS because add_query_arg is misused.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sandhillsdev easy_digital_downloads |
||
easydigitaldownloads attach_accounts_to_orders - |