ID CVE-2015-9532Type cveReporter cve@mitre.orgModified 2019-10-25T16:43:00
Description
The Easy Digital Downloads (EDD) Digital Store theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
{"id": "CVE-2015-9532", "bulletinFamily": "NVD", "title": "CVE-2015-9532", "description": "The Easy Digital Downloads (EDD) Digital Store theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.", "published": "2019-10-23T16:15:00", "modified": "2019-10-25T16:43:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9532", "reporter": "cve@mitre.org", "references": ["https://web.archive.org/web/20160921003517/https://easydigitaldownloads.com/blog/security-fix-released/"], "cvelist": ["CVE-2015-9532"], "type": "cve", "lastseen": "2020-12-09T20:03:10", "edition": 6, "viewCount": 31, "enchantments": {"dependencies": {"references": [{"type": "wpvulndb", "idList": ["WPVDB-ID:7944"]}], "modified": "2020-12-09T20:03:10", "rev": 2}, "score": {"value": 1.4, "vector": "NONE", "modified": "2020-12-09T20:03:10", "rev": 2}, "vulnersScore": 1.4}, "cpe": ["cpe:/a:easydigitaldownloads:digital_store:-"], "affectedSoftware": [{"cpeName": "easydigitaldownloads:digital_store", "name": "easydigitaldownloads digital store", "operator": "eq", "version": "-"}, {"cpeName": "easydigitaldownloads:easy_digital_downloads", "name": "easydigitaldownloads easy digital downloads", "operator": "lt", "version": "2.2.9"}, {"cpeName": "easydigitaldownloads:easy_digital_downloads", "name": "easydigitaldownloads easy digital downloads", "operator": "lt", "version": "1.9.10"}, {"cpeName": "easydigitaldownloads:easy_digital_downloads", "name": "easydigitaldownloads easy digital downloads", "operator": "lt", "version": "1.8.7"}, {"cpeName": "easydigitaldownloads:easy_digital_downloads", "name": "easydigitaldownloads easy digital downloads", "operator": "lt", "version": "2.3.7"}, {"cpeName": "easydigitaldownloads:easy_digital_downloads", "name": "easydigitaldownloads easy digital downloads", "operator": "lt", "version": "2.1.11"}, {"cpeName": "easydigitaldownloads:easy_digital_downloads", "name": "easydigitaldownloads easy digital downloads", "operator": "lt", "version": "2.0.5"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cpe23": ["cpe:2.3:a:easydigitaldownloads:digital_store:-:*:*:*:*:easy_digital_downloads:*:*"], "cwe": ["CWE-79"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:easydigitaldownloads:digital_store:-:*:*:*:*:easy_digital_downloads:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:easydigitaldownloads:easy_digital_downloads:2.2.9:*:*:*:*:wordpress:*:*", "versionEndExcluding": "2.2.9", "versionStartIncluding": "2.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easydigitaldownloads:easy_digital_downloads:2.1.11:*:*:*:*:wordpress:*:*", "versionEndExcluding": "2.1.11", "versionStartIncluding": "2.1", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easydigitaldownloads:easy_digital_downloads:1.8.7:*:*:*:*:wordpress:*:*", "versionEndExcluding": "1.8.7", "versionStartIncluding": "1.8", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easydigitaldownloads:easy_digital_downloads:2.0.5:*:*:*:*:wordpress:*:*", "versionEndExcluding": "2.0.5", "versionStartIncluding": "2.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easydigitaldownloads:easy_digital_downloads:1.9.10:*:*:*:*:wordpress:*:*", "versionEndExcluding": "1.9.10", "versionStartIncluding": "1.9", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easydigitaldownloads:easy_digital_downloads:2.3.7:*:*:*:*:wordpress:*:*", "versionEndExcluding": "2.3.7", "versionStartIncluding": "2.3", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}]}}
{"wpvulndb": [{"lastseen": "2020-06-29T19:29:22", "bulletinFamily": "software", "cvelist": ["CVE-2015-9532"], "description": "WordPress Vulnerability - Digital Store < 1.3.3 - Unspecified XSS\n", "modified": "2019-11-28T00:00:00", "published": "2015-04-26T00:00:00", "id": "WPVDB-ID:7944", "href": "https://wpvulndb.com/vulnerabilities/7944", "type": "wpvulndb", "title": "Digital Store < 1.3.3 - Unspecified XSS", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}
