Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Network-reachable, no auth required (PR:N), low complexity; impact is limited to partial confidentiality of subscription metadata with no integrity or availability effect.
Primary rating from Vendor (Wordfence).
CVSS VectorVendor: Wordfence
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to view arbitrary customers' subscription data including subscription status, product names, order IDs, purchase dates, and expiry dates.
AnalysisAI
Unauthorized subscription data exposure in the 2Download Connector for 2DL Hosted Checkout WordPress plugin allows unauthenticated network attackers to read arbitrary customers' subscription records - including subscription status, product names, order IDs, purchase dates, and expiry dates - across all versions up to and including 0.1.5. The root cause is a missing authorization check in the plugin's shortcode handlers (Shortcodes.php), meaning any unauthenticated HTTP request can trigger the data-retrieval logic without identity verification. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | No special conditions are required for exploitation beyond the plugin being installed and active on an internet-accessible WordPress site. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) scores 5.3 Medium, reflecting network-reachable, zero-friction exploitation with a constrained confidentiality impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated attacker enumerates WordPress sites running the 2Download Connector plugin (e.g., via HTTP response headers or plugin-specific asset paths), then sends a crafted HTTP request invoking one of the vulnerable shortcode AJAX handlers in Shortcodes.php with a target customer identifier or enumerable order ID. The server responds with that customer's subscription status, purchased product names, order IDs, and date metadata - requiring no credentials and no user interaction. … |
| Remediation | A changeset has been committed to the plugin's trunk repository (https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3524785%402download-connector&new=3524785%402download-connector), suggesting an upstream fix exists; however, a formally released patched version number is not independently confirmed in the available data - administrators should check the WordPress plugin repository for a version newer than 0.1.5 and upgrade immediately upon availability. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37996
GHSA-5xwx-hh9j-4wj5