cleantalk
Vulnerabilities and Security Researches

Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy), CVE-2015-9526

CVE, Research URL

CVE-2015-9526

Home page URL

Security reports for Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)

Application

Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)

Published on
Oct 23, 2019
Research Description
The Easy Digital Downloads (EDD) Reviews extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Affected versions
Min -, max 2.3.7.
Status
vulnerable
Previous vulnerability researches
Easy Digital Downloads Google Sheet Connector (15a5f778b24e34c8a9f5f1c30ea580c8a86c0dc5) , Jun 06, 2024
Wezido – Elementor Addon Based on Easy Digital Downloads (CVE-2024-51836) , Nov 12, 2024
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) (CVE-2025-2252) , Mar 26, 2025
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) (CVE-2015-9517) , Jun 07, 2024
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) (CVE-2015-9518) , Jun 07, 2024
New vulnerability
Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates (CVE-2025-5103) , Jun 03, 2025
History Log by click5 (CVE-2025-47598) , Jun 03, 2025
Music Player for Elementor – Audio Player & Podcast Player (CVE-2025-5340) , Jun 03, 2025
The E-Commerce ERP: Purchasing, Inventory, Fulfillment, Manufacturing, BOM, Accounting, Sales Analysis (CVE-2025-4631) , Jun 03, 2025
FastSpring (CVE-2025-4595) , Jun 02, 2025