Unauthenticated Access Control Issue in Easy Digital Downloads by Sandhills Development
CVE-2026-39503

7.5HIGH

Key Information:

Vendor: WordPress
Status: Easy Digital Downloads
Vendor: CVE Published:; 15 June 2026

What is CVE-2026-39503?

An unauthenticated access control vulnerability exists in Easy Digital Downloads versions up to 3.6.5, allowing attackers to bypass authorization mechanisms. This may lead to unauthorized access and manipulation of sensitive data, thereby compromising the integrity and security of the application. Users are strongly advised to update to the latest version to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Easy Digital Downloads <= 3.6.5

References

https://patchstack.com/database/wordpress/plugin/easy-dig...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2026
Vulnerability Reserved
Apr 7, 2026

Credit

Jakub Herman | Patchstack Bug Bounty Program

CVE-2026-39503 Data

JSON

WordPress

What is CVE-2026-39503?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit