EUVD-2026-37996

The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

CVE-2026-6798

The CVE-2026-6798 entry concerns the WordPress plugin “2Download Connector for 2DL Hosted Checkout.” According to connected sources, all versions up to and including 0.1.5 are vulnerable to unauthorized access due to insufficient authorization checks, enabling unauthenticated attackers to view se...

WordPress 2Download Connector for 2DL Hosted Checkout plugin <= 0.1.5 - Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure vulnerability discovered by Mohamed Haidar in WordPress Plugin 2Download Connector for 2DL Hosted Checkout versions = 0.1.5...

Malicious code in hosted-checkout-tutorial (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b28fec32c2291a635a7818b08faccb32ba2b20f87616d26a8cf6d0604884065d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-3678 Malicious code in hosted-checkout-tutorial (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b28fec32c2291a635a7818b08faccb32ba2b20f87616d26a8cf6d0604884065d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...