WordPress is a set of blogging platforms developed by the WordPress (Wordpress) Foundation using the PHP language. A cross-site scripting vulnerability exists in the WordPress plugin Easy Digital Downloads, which can be exploited to inject arbitrary web scripts via the $start_date and $end_date parameters in the ~/includes/admin/payments/class-payments-table.php file. file with the $start_date and $end_date parameters to inject arbitrary web scripts.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress wordpress easy digital downloads | le | 2.11.2 |