Unauthorized Access in Age Verification & Identity Verification Plugin for WordPress
CVE-2026-7558
5.3MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 9 July 2026
What is CVE-2026-7558?
The Token of Trust plugin's handle_export_table() function is invoked without a capability check during the 'init' process, allowing unauthenticated users to exploit this flaw. This vulnerability enables unauthorized attackers to download a CSV file that contains sensitive information, including order details and admin-only edit URLs from WooCommerce donation records. By manipulating the 'tot_export_table' parameter, attackers can gain access to critical data simply by visiting the site's pages, compromising user privacy and data security.
Affected Version(s)
Age Verification & Identity Verification by Token of Trust 0 <= 4.0.2