CVE-2025-2252
MEDIUM EPSS 28.2%
Published Mar 25, 20251y ago · Modified Jun 17, 20262w ago
5.3 CVSS 3.1
Published Mar 25, 2025 1y ago
Last Modified Jun 17, 2026 2w ago
Description
The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the edd_ajax_get_download_title() function. This makes it possible for unauthenticated attackers to extract private post titles of downloads. The impact here is minimal.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity None
Availability None
Threat Intelligence
EPSS Exploit Probability
28.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| awesomemotive | easy_digital_downloads | * | <3.3.7 |
References 5
- plugins.trac.wordpress.org https://plugins.trac.wordpress.org/browser/easy-digital-downloads/tags/3.3.6.1/includes/ajax-functions.php#L459
- plugins.trac.wordpress.org https://plugins.trac.wordpress.org/browser/easy-digital-downloads/tags/3.3.6.1/includes/ajax-functions.php#L466
- plugins.trac.wordpress.org https://plugins.trac.wordpress.org/changeset/3257409/easy-digital-downloads/trunk/includes/ajax-functions.php?contextall=1
- plugins.trac.wordpress.org https://plugins.trac.wordpress.org/changeset/3257409/easy-digital-downloads/trunk/includes/ajax-functions.php?old=3226442&old_path=easy-digital-downloads%2Ftrunk%2Fincludes%2Fajax-functions.php
- wordfence.com https://www.wordfence.com/threat-intel/vulnerabilities/id/9e0e3b81-55fe-46b2-bae1-d7321d74c485?source=cve
Remediation
- plugins.trac.wordpress.org https://plugins.trac.wordpress.org/changeset/3257409/easy-digital-downloads/trunk/includes/ajax-functions.php?contextall=1
- plugins.trac.wordpress.org https://plugins.trac.wordpress.org/changeset/3257409/easy-digital-downloads/trunk/includes/ajax-functions.php?old=3226442&old_path=easy-digital-downloads%2Ftrunk%2Fincludes%2Fajax-functions.php