CVE-2026-39503— WordPress Easy Digital Downloads plugin <= 3.6.5 - Broken Access Control vulnerability
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Awesomemotive | Easy Digital Downloads | n/a≤ 3.6.5 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-39503
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WordPress Easy Digital Downloads plugin <= 3.6.5 - Broken Access Control vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Unauthenticated Broken Access Control in Easy Digital Downloads <= 3.6.5 versions.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
Awesomemotive Easy Digital Downloads 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
awesomemotive easy digital downloads是awesomemotive公司开源的一款数字商品销售系统。 Awesomemotive Easy Digital Downloads 3.6.5及之前版本存在授权问题漏洞,该漏洞源于访问控制不当,可能导致未经身份验证的攻击者破坏访问控制。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Awesomemotive | Easy Digital Downloads | n/a ~ 3.6.5 | - |
II. Public POCs for CVE-2026-39503
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-39503
请登录查看更多情报信息。
Other References for CVE-2026-39503 (1)
IV. Related Vulnerabilities
Same product: Easy Digital Downloads
- CVE-2023-40005
WordPress Easy Digital Downloads plugin <= 3.1.5 - Broken Ac - CVE-2024-43162
WordPress Easy Digital Downloads plugin <= 3.2.12 - Broken A - CVE-2024-5057
WordPress Easy Digital Downloads plugin <= 3.2.12 - SQL Inje - CVE-2024-32100
WordPress Easy Digital Downloads plugin <= 3.2.11 - Sensitiv - CVE-2024-31113
WordPress Easy Digital Downloads plugin <= 3.2.11 - Cross Si
Same weakness: CWE-862
- CVE-2026-52866
Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT Mi - CVE-2026-49205
phpMyFAQ: Missing userHasPermission() in 4 API write endpoin - CVE-2026-11719
MCP数据库工具箱旧版本认证绕过漏洞 - CVE-2026-12093
Simple Membership <= 4.7.5 - Missing Authorization to Unauth - CVE-2026-10029
Event Koi Lite <= 1.3.13.1 - Missing Authorization to Unauth
V. Comments for CVE-2026-39503
No comments yet