CVE-2015-9522 – Easy Digital Downloads – QR Codes <= 1.1.0 - Reflected Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2015-9522

The Easy Digital Downloads (EDD) QR Code extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. La extensión QR Code de Easy Digital Downloads (EDD) para WordPress, como es usada con EDD versiones 1.8.x anteriores a 1.8.7, versiones 1.9.x anteriores a 1.9.10, versiones 2.0.x anteriores a 2.0.5, versiones 2.1.x anteriores a 2.1.11, versiones 2.2.x anteriores a 2.2.9, y versiones 2.3.x anteriores a 2.3.7, presenta una vulnerabilidad de tipo XSS porque el parámetro add_query_arg es usado inapropiadamente. The Easy Digital Downloads (EDD) QR Code extension for WordPress in versions up to, and including, 1.1.0, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. • https://web.archive.org/web/20160921003517/https://easydigitaldownloads.com/blog/security-fix-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •