Skip to main content

2Download Connector For 2Dl Hosted Checkout

1 CVEs product

Monthly

CVE-2026-6798 MEDIUM This Month

Unauthorized subscription data exposure in the 2Download Connector for 2DL Hosted Checkout WordPress plugin allows unauthenticated network attackers to read arbitrary customers' subscription records - including subscription status, product names, order IDs, purchase dates, and expiry dates - across all versions up to and including 0.1.5. The root cause is a missing authorization check in the plugin's shortcode handlers (Shortcodes.php), meaning any unauthenticated HTTP request can trigger the data-retrieval logic without identity verification. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Authentication Bypass WordPress 2Download Connector For 2Dl Hosted Checkout
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
EPSS 0% CVSS 5.3
MEDIUM This Month

Unauthorized subscription data exposure in the 2Download Connector for 2DL Hosted Checkout WordPress plugin allows unauthenticated network attackers to read arbitrary customers' subscription records - including subscription status, product names, order IDs, purchase dates, and expiry dates - across all versions up to and including 0.1.5. The root cause is a missing authorization check in the plugin's shortcode handlers (Shortcodes.php), meaning any unauthenticated HTTP request can trigger the data-retrieval logic without identity verification. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Authentication Bypass WordPress 2Download Connector For 2Dl Hosted Checkout
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy