Skip to main content

Age Verification Identity Verification By Token Of Trust

1 CVEs product

Monthly

CVE-2026-7558 MEDIUM This Month

Unauthenticated export of sensitive WooCommerce donation records is possible in the Token of Trust WordPress plugin through version 4.0.2 due to a missing capability check on a publicly accessible export function. Any unauthenticated visitor can retrieve a CSV file containing charitable donor order dates, order IDs, donation amounts, and admin-only order edit URLs by appending a single GET parameter to any page on the affected site. No public exploit code has been identified and this vulnerability is not listed in CISA KEV, but the trivial exploitation mechanism - requiring only a browser and a known URL parameter - means low-skill attackers can exploit it at scale.

Authentication Bypass WordPress Age Verification Identity Verification By Token Of Trust
NVD
CVSS 3.1
5.3
EPSS
0.3%
EPSS 0% CVSS 5.3
MEDIUM This Month

Unauthenticated export of sensitive WooCommerce donation records is possible in the Token of Trust WordPress plugin through version 4.0.2 due to a missing capability check on a publicly accessible export function. Any unauthenticated visitor can retrieve a CSV file containing charitable donor order dates, order IDs, donation amounts, and admin-only order edit URLs by appending a single GET parameter to any page on the affected site. No public exploit code has been identified and this vulnerability is not listed in CISA KEV, but the trivial exploitation mechanism - requiring only a browser and a known URL parameter - means low-skill attackers can exploit it at scale.

Authentication Bypass WordPress Age Verification Identity Verification By Token Of Trust
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy