Skip to main content

Easy Upload Files During Checkout EUVDEUVD-2026-42846

| CVE-2026-6802 MEDIUM
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-07-10 Wordfence GHSA-hwwr-5j3w-9mfq
5.3
CVSS 3.1 · Vendor: Wordfence
Share

Severity by source

Vendor (Wordfence) PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
vuln.today AI
6.5 MEDIUM

Network-accessible with no authentication required; A:L added to vendor scoring because permanent media deletion makes those assets unavailable, not merely altered.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (Wordfence).

CVSS VectorVendor: Wordfence

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jul 10, 2026 - 09:24 vuln.today
CVE Published
Jul 10, 2026 - 07:48 nvd
MEDIUM 5.3

DescriptionCVE.org

The Easy Upload Files During Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.0.1. This is due to missing authorization checks in the ufdc_custom_init() function, which processes the 'eufdc-delete' parameter without any nonce verification, capability check, or attachment ownership validation. This makes it possible for unauthenticated attackers to permanently delete arbitrary media library attachments from the WordPress site.

AnalysisAI

Unauthenticated media library attachment deletion affects the Easy Upload Files During Checkout WordPress plugin through version 3.0.1, enabling any remote visitor to permanently destroy arbitrary files from the site's media library with no credentials. The root cause is CWE-639: the ufdc_custom_init() hook processes a user-controlled 'eufdc-delete' parameter without nonce verification, capability checks, or attachment ownership validation, reducing authorization to a trivial parameter-guessing exercise against sequential WordPress attachment IDs. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Enumerate WordPress attachment IDs via public pages or oEmbed
Delivery
Send unauthenticated HTTP request with 'eufdc-delete' parameter
Exploit
ufdc_custom_init() processes parameter without authorization checks
Execution
WordPress core executes permanent attachment deletion
Impact
Media library content irreversibly destroyed

Vulnerability AssessmentAI

Exploitation The Easy Upload Files During Checkout plugin must be installed and active on the target WordPress installation running version 3.0.1 or earlier - no special plugin configuration or non-default settings are required. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor-assigned CVSS 3.1 score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) accurately reflects the network-accessible, zero-authentication delivery, but the I:L/A:N impact assignment arguably understates real-world consequences: permanent and irreversible deletion of media library content could plausibly be scored A:L as well, since destroyed product images, customer receipts, or document uploads are no longer available. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker visits any page on the target WordPress site that fires the ufdc_custom_init() hook and appends the 'eufdc-delete' parameter set to an integer attachment ID - for example, submitting a request such as GET /?eufdc-delete=42. Because WordPress attachment IDs are sequential integers widely exposed through page source, RSS feeds, and oEmbed endpoints, the attacker can enumerate and permanently destroy product images, customer-uploaded checkout files, or other media library content using nothing more than a basic HTTP client or browser. …
Remediation A fix has been committed to the plugin's trunk branch in the WordPress plugin repository (changeset 3522887, visible at https://plugins.trac.wordpress.org/changeset?reponame=&old=3522887%40easy-upload-files-during-checkout&new=3522887%40easy-upload-files-during-checkout); however, a patched tagged release with a version number beyond 3.0.1 is not independently confirmed from the available data. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-42846 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy