{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-2252", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-03-12T14:30:10.813Z", "datePublished": "2025-03-25T07:04:54.606Z", "dateUpdated": "2026-04-08T17:11:41.809Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:11:41.809Z"}, "affected": [{"vendor": "smub", "product": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.3.6.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the edd_ajax_get_download_title() function. This makes it possible for unauthenticated attackers to extract private post titles of downloads. The impact here is minimal."}], "title": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy <= 3.3.6.1 - Unauthenticated Private Post Title Disclosure", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9e0e3b81-55fe-46b2-bae1-d7321d74c485?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/easy-digital-downloads/tags/3.3.6.1/includes/ajax-functions.php#L466"}, {"url": "https://plugins.trac.wordpress.org/browser/easy-digital-downloads/tags/3.3.6.1/includes/ajax-functions.php#L459"}, {"url": "https://plugins.trac.wordpress.org/changeset/3257409/easy-digital-downloads/trunk/includes/ajax-functions.php?contextall=1"}, {"url": "https://plugins.trac.wordpress.org/changeset/3257409/easy-digital-downloads/trunk/includes/ajax-functions.php?old=3226442&old_path=easy-digital-downloads%2Ftrunk%2Fincludes%2Fajax-functions.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "cweId": "CWE-200", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Fran\u00e7oa Taffarel"}], "timeline": [{"time": "2025-03-24T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-31T17:43:43.397388Z", "id": "CVE-2025-2252", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-31T17:44:11.737Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2252", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-31T17:43:43.397388Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-31T17:43:49.523Z"}}], "cna": {"title": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy <= 3.3.6.1 - Unauthenticated Private Post Title Disclosure", "credits": [{"lang": "en", "type": "finder", "value": "Fran\u00e7oa Taffarel"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "smub", "product": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.3.6.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-03-24T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9e0e3b81-55fe-46b2-bae1-d7321d74c485?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/easy-digital-downloads/tags/3.3.6.1/includes/ajax-functions.php#L466"}, {"url": "https://plugins.trac.wordpress.org/browser/easy-digital-downloads/tags/3.3.6.1/includes/ajax-functions.php#L459"}, {"url": "https://plugins.trac.wordpress.org/changeset/3257409/easy-digital-downloads/trunk/includes/ajax-functions.php?contextall=1"}, {"url": "https://plugins.trac.wordpress.org/changeset/3257409/easy-digital-downloads/trunk/includes/ajax-functions.php?old=3226442&old_path=easy-digital-downloads%2Ftrunk%2Fincludes%2Fajax-functions.php"}], "descriptions": [{"lang": "en", "value": "The Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the edd_ajax_get_download_title() function. This makes it possible for unauthenticated attackers to extract private post titles of downloads. The impact here is minimal."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:11:41.809Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2252", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:11:41.809Z", "dateReserved": "2025-03-12T14:30:10.813Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-03-25T07:04:54.606Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "ED95A51B-3D09-4138-9986-CDFE9114A648", "versionEndExcluding": "3.3.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the edd_ajax_get_download_title() function. This makes it possible for unauthenticated attackers to extract private post titles of downloads. The impact here is minimal."}, {"lang": "es", "value": "El complemento Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 3.3.6.1 incluida, a trav\u00e9s de la funci\u00f3n edd_ajax_get_download_title(). Esto permite a atacantes no autenticados extraer t\u00edtulos privados de las publicaciones de las descargas. El impacto en este caso es m\u00ednimo."}], "id": "CVE-2025-2252", "lastModified": "2025-08-08T19:21:17.160", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-03-25T07:15:38.337", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/easy-digital-downloads/tags/3.3.6.1/includes/ajax-functions.php#L459"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/easy-digital-downloads/tags/3.3.6.1/includes/ajax-functions.php#L466"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3257409/easy-digital-downloads/trunk/includes/ajax-functions.php?contextall=1"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3257409/easy-digital-downloads/trunk/includes/ajax-functions.php?old=3226442&old_path=easy-digital-downloads%2Ftrunk%2Fincludes%2Fajax-functions.php"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9e0e3b81-55fe-46b2-bae1-d7321d74c485?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@wordfence.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T01:49:38.936350+00:00", "value": {"mitigation_remediation": ["Upgrade Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy to a version newer than 3.3.6.1.", "Restrict access to the edd_ajax_get_download_title() AJAX endpoint so that only authenticated users can invoke it, using plugin settings or a security plugin to enforce the restriction.", "Deploy a web application firewall rule that blocks anonymous requests to the AJAX action that triggers the vulnerable function."], "summary": {"action": "Update Plugin", "impact": "Sensitive Information Disclosure of Private Post Titles"}, "threat_synthesis": {"affected_systems": "All installations of the Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy plugin up to and including version 3.3.6.1 on WordPress sites are affected. Any WordPress website that uses one of these versions potentially exposes private download titles to unauthenticated users.", "description_and_impact": "The Easy Digital Downloads plugin for WordPress contains an authentication bypass in its AJAX handler that returns download titles. Because the edd_ajax_get_download_title() function is callable without user credentials, an attacker can retrieve the titles of private download posts. This flaw exposes confidential data that site owners may consider sensitive, and it is classified as a CWE-200 Sensitive Data Exposure vulnerability.", "risk_and_exploitability": "The CVSS score of 5.3 indicates a moderate confidentiality impact. An EPSS score of less than 1% suggests that the likelihood of exploitation is very low at this time, and the vulnerability is not listed in the CISA KEV catalog. Attackers can exploit this weakness by sending a crafted AJAX request to the edd_ajax_get_download_title() endpoint without authenticating, making the attack vector straightforward while requiring no special prerequisites."}}}}, "created": "2026-04-22T02:00:05.035472+00:00", "updated": "2026-04-22T02:00:05.035484+00:00", "vendors": []}