🔐 CVE Alert

CVE-2024-11225

MEDIUM 6.1

Premium Packages – Sell Digital Products Securely <= 5.9.3 - Reflected Cross-Site Scripting via add_query_arg

CVSS Score
6.1
EPSS Score
0.0%
EPSS Percentile
0th

The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.9.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CWE CWE-79
Vendor codename065
Product premium packages – sell digital products securely
Published Nov 22, 2024
Last Updated Apr 8, 2026
Stay Ahead of the Next One

Get instant alerts for codename065 premium packages – sell digital products securely

Be the first to know when new medium vulnerabilities affecting codename065 premium packages – sell digital products securely are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

codename065 / Premium Packages – Sell Digital Products Securely
0 ≤ 5.9.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/a2e847fd-0932-4d65-a201-b86e39a33588?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/wpdm-premium-packages/tags/5.9.3/includes/libs/functions.php#L584 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/wpdm-premium-packages/tags/5.9.3/includes/libs/functions.php#L420 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/wpdm-premium-packages/tags/5.9.3/includes/libs/functions.php#L422 wordpress.org: https://wordpress.org/plugins/wpdm-premium-packages/#developers plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3195568/wpdm-premium-packages/trunk/includes/libs/functions.php

Credits

Peter Thaleikis