Skip to main content

2Download Connector EUVDEUVD-2026-37996

| CVE-2026-6798 MEDIUM
Missing Authorization (CWE-862)
2026-06-19 Wordfence GHSA-5xwx-hh9j-4wj5
5.3
CVSS 3.1 · Vendor: Wordfence
Share

Severity by source

Vendor (Wordfence) PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
vuln.today AI
5.3 MEDIUM

Network-reachable, no auth required (PR:N), low complexity; impact is limited to partial confidentiality of subscription metadata with no integrity or availability effect.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (Wordfence).

CVSS VectorVendor: Wordfence

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jun 19, 2026 - 08:30 vuln.today
CVE Published
Jun 19, 2026 - 06:51 nvd
MEDIUM 5.3

DescriptionCVE.org

The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to view arbitrary customers' subscription data including subscription status, product names, order IDs, purchase dates, and expiry dates.

AnalysisAI

Unauthorized subscription data exposure in the 2Download Connector for 2DL Hosted Checkout WordPress plugin allows unauthenticated network attackers to read arbitrary customers' subscription records - including subscription status, product names, order IDs, purchase dates, and expiry dates - across all versions up to and including 0.1.5. The root cause is a missing authorization check in the plugin's shortcode handlers (Shortcodes.php), meaning any unauthenticated HTTP request can trigger the data-retrieval logic without identity verification. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify WordPress site running 2Download Connector
Delivery
Locate vulnerable shortcode AJAX endpoint in Shortcodes.php
Exploit
Send unauthenticated HTTP request with target customer identifier
Execution
Receive subscription metadata in response
Impact
Enumerate additional customer records via order ID iteration

Vulnerability AssessmentAI

Exploitation No special conditions are required for exploitation beyond the plugin being installed and active on an internet-accessible WordPress site. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) scores 5.3 Medium, reflecting network-reachable, zero-friction exploitation with a constrained confidentiality impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker enumerates WordPress sites running the 2Download Connector plugin (e.g., via HTTP response headers or plugin-specific asset paths), then sends a crafted HTTP request invoking one of the vulnerable shortcode AJAX handlers in Shortcodes.php with a target customer identifier or enumerable order ID. The server responds with that customer's subscription status, purchased product names, order IDs, and date metadata - requiring no credentials and no user interaction. …
Remediation A changeset has been committed to the plugin's trunk repository (https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3524785%402download-connector&new=3524785%402download-connector), suggesting an upstream fix exists; however, a formally released patched version number is not independently confirmed in the available data - administrators should check the WordPress plugin repository for a version newer than 0.1.5 and upgrade immediately upon availability. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-37996 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy