CVE-2015-9530
Easy Digital Downloads – Upload File <= 1.0.4 - Arbitrary File Upload/Deletion
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Easy Digital Downloads (EDD) Upload File extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
La extensión Upload File de Easy Digital Downloads (EDD) para WordPress, como es usada con EDD versiones 1.8.x anteriores a 1.8.7, versiones 1.9.x anteriores a 1.9.10, versiones 2.0.x anteriores a 2.0.5, versiones 2.1.x anteriores a 2.1.11, versiones 2.2.x anteriores a 2.2.9, y versiones 2.3.x anteriores a 2.3.7, presenta una vulnerabilidad de tipo XSS porque el parámetro add_query_arg es usado inapropiadamente.
The Easy Digital Downloads – Upload File for WordPress is vulnerable to Arbitrary File Upload/Delete and Remote Code Execution via the 'edd_upload_file_delete', 'edd_upload_file_view_files', and 'create_upload_dir' functions in versions up to, and including, 1.0.4. This makes it possible for authenticated attackers to upload/delete system files and execute arbitrary code remotely.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-04-09 CVE Published
- 2019-10-14 CVE Reserved
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sandhillsdev Search vendor "Sandhillsdev" | Easy Digital Downloads Search vendor "Sandhillsdev" for product "Easy Digital Downloads" | >= 1.8 < 1.8.7 Search vendor "Sandhillsdev" for product "Easy Digital Downloads" and version " >= 1.8 < 1.8.7" | wordpress |
Affected
| in | Easydigitaldownloads Search vendor "Easydigitaldownloads" | Upload File Search vendor "Easydigitaldownloads" for product "Upload File" | - | easy_digital_downloads |
Affected
|
| Sandhillsdev Search vendor "Sandhillsdev" | Easy Digital Downloads Search vendor "Sandhillsdev" for product "Easy Digital Downloads" | >= 1.9 < 1.9.10 Search vendor "Sandhillsdev" for product "Easy Digital Downloads" and version " >= 1.9 < 1.9.10" | wordpress |
Affected
| in | Easydigitaldownloads Search vendor "Easydigitaldownloads" | Upload File Search vendor "Easydigitaldownloads" for product "Upload File" | - | easy_digital_downloads |
Affected
|
| Sandhillsdev Search vendor "Sandhillsdev" | Easy Digital Downloads Search vendor "Sandhillsdev" for product "Easy Digital Downloads" | >= 2.0 < 2.0.5 Search vendor "Sandhillsdev" for product "Easy Digital Downloads" and version " >= 2.0 < 2.0.5" | wordpress |
Affected
| in | Easydigitaldownloads Search vendor "Easydigitaldownloads" | Upload File Search vendor "Easydigitaldownloads" for product "Upload File" | - | easy_digital_downloads |
Affected
|
| Sandhillsdev Search vendor "Sandhillsdev" | Easy Digital Downloads Search vendor "Sandhillsdev" for product "Easy Digital Downloads" | >= 2.1 < 2.1.11 Search vendor "Sandhillsdev" for product "Easy Digital Downloads" and version " >= 2.1 < 2.1.11" | wordpress |
Affected
| in | Easydigitaldownloads Search vendor "Easydigitaldownloads" | Upload File Search vendor "Easydigitaldownloads" for product "Upload File" | - | easy_digital_downloads |
Affected
|
| Sandhillsdev Search vendor "Sandhillsdev" | Easy Digital Downloads Search vendor "Sandhillsdev" for product "Easy Digital Downloads" | >= 2.2 < 2.2.9 Search vendor "Sandhillsdev" for product "Easy Digital Downloads" and version " >= 2.2 < 2.2.9" | wordpress |
Affected
| in | Easydigitaldownloads Search vendor "Easydigitaldownloads" | Upload File Search vendor "Easydigitaldownloads" for product "Upload File" | - | easy_digital_downloads |
Affected
|
| Sandhillsdev Search vendor "Sandhillsdev" | Easy Digital Downloads Search vendor "Sandhillsdev" for product "Easy Digital Downloads" | >= 2.3 < 2.3.7 Search vendor "Sandhillsdev" for product "Easy Digital Downloads" and version " >= 2.3 < 2.3.7" | wordpress |
Affected
| in | Easydigitaldownloads Search vendor "Easydigitaldownloads" | Upload File Search vendor "Easydigitaldownloads" for product "Upload File" | - | easy_digital_downloads |
Affected
|