Design/Logic Flaw

2019-10-2317:15:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.9%

JSON

The Easy Digital Downloads (EDD) Favorites extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.

CPENameOperatorVersion
easy_digital_downloadsge1.8
easy_digital_downloadslt1.8.7
easy_digital_downloadsge1.9
easy_digital_downloadslt1.9.10
easy_digital_downloadsge2.0
easy_digital_downloadslt2.0.5
easy_digital_downloadsge2.1
easy_digital_downloadslt2.1.11
easy_digital_downloadsge2.2
easy_digital_downloadslt2.2.9

Name	Operator	Version
easy_digital_downloads	ge	1.8
easy_digital_downloads	lt	1.8.7
easy_digital_downloads	ge	1.9
easy_digital_downloads	lt	1.9.10
easy_digital_downloads	ge	2.0
easy_digital_downloads	lt	2.0.5
easy_digital_downloads	ge	2.1
easy_digital_downloads	lt	2.1.11
easy_digital_downloads	ge	2.2
easy_digital_downloads	lt	2.2.9