7 matches found
CVE-2015-9510
The Easy Digital Downloads EDD Cross-sell Upsell extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...
WordPress J Cart Upsell and Cross-sell for WooCommerce Plugin < 3.4.3 is vulnerable to Cross Site Scripting (XSS)
Software J Cart Upsell and Cross-sell for WooCommerce Type Plugin Vulnerable versions 3.4.3 Fixed in 3.4.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4390725c1073 Credits Rafie...
WordPress J Cart Upsell and Cross-sell for WooCommerce plugin < 2.0.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress J Cart Upsell and Cross-sell for WooCommerce plugin versions 2.0.1. Solution Update the WordPress J Cart Upsell and Cross-sell for WooCommerce plugin to the latest available version at least 2.0.1...
WordPress J Cart Upsell and Cross-sell for WooCommerce plugin < 2.0.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress J Cart Upsell and Cross-sell for WooCommerce plugin versions 2.0.1. Solution Update the WordPress J Cart Upsell and Cross-sell for WooCommerce plugin to the latest available version at least 2.0.1...
CVE-2015-9510
The Easy Digital Downloads EDD Cross-sell Upsell extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...
Cross site scripting
The Easy Digital Downloads EDD Cross-sell Upsell extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...
CVE-2015-9510
CVE-2015-9510 affects the Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordPress. The vulnerability is an XSS caused by misusing add_query_arg in specific older/legacy EDD extension versions: 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x b...