The Easy Digital Downloads (EDD) Manual Purchases extension for WordPress, as used with EDD 1.8.x prior to 1.8.7, 1.9.x prior to 1.9.10, 2.0.x prior to 2.0.5, 2.1.x prior to 2.1.11, 2.2.x prior to 2.2.9, and 2.3.x prior to 2.3.7, has XSS because add_query_arg is misused.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
sandhillsdev easy_digital_downloads |
||
easydigitaldownloads manual_purchases - |
Vulmon