Unauthorized Access in Age Verification & Identity Verification Plugin for WordPress
CVE-2026-7558

5.3MEDIUM

What is CVE-2026-7558?

The Token of Trust plugin's handle_export_table() function is invoked without a capability check during the 'init' process, allowing unauthenticated users to exploit this flaw. This vulnerability enables unauthorized attackers to download a CSV file that contains sensitive information, including order details and admin-only edit URLs from WooCommerce donation records. By manipulating the 'tot_export_table' parameter, attackers can gain access to critical data simply by visiting the site's pages, compromising user privacy and data security.

Affected Version(s)

Age Verification & Identity Verification by Token of Trust 0 <= 4.0.2

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Legion Hunter
.