The Easy Digital Downloads (EDD) Upload File extension for WordPress, as used with EDD 1.8.x prior to 1.8.7, 1.9.x prior to 1.9.10, 2.0.x prior to 2.0.5, 2.1.x prior to 2.1.11, 2.2.x prior to 2.2.9, and 2.3.x prior to 2.3.7, has XSS because add_query_arg is misused.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sandhillsdev easy_digital_downloads |
||
easydigitaldownloads upload_file - |