PT-2025-12768 · WordPress · Easy Digital Downloads

Françoa Taffarel · Published 2025-03-25 · Updated 2025-08-08 · CVE-2025-2252

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Easy Digital Downloads – eCommerce Payments and Subscriptions plugin for WordPress versions up to, and including, 3.3.6.1

Description

The issue allows unauthenticated attackers to extract private post titles of downloads via the edd_ajax_get_download_title() function. The impact of this issue is minimal.

Recommendations

For versions up to, and including, 3.3.6.1, consider updating to a version that contains a fix for this issue, as no specific mitigation measures are provided for these versions. As a temporary workaround, consider disabling the edd_ajax_get_download_title() function until a patch is available.
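One way to apply the temporary workaround for logged-out callers, as an added example that is not part of the advisory or the plugin's own code: a must-use plugin that unhooks edd_ajax_get_download_title() from every unauthenticated (wp_ajax_nopriv_*) AJAX action it is registered on. The file location, the pt_example_ names and the assumption that the plugin has registered its handlers by the end of init belong to this example.

```php
<?php
/**
 * Plugin Name: EDD download-title AJAX workaround (added example)
 * Assumed location: wp-content/mu-plugins/edd-title-workaround.php
 */

// Callback named in the advisory; every other name here is this example's own.
const PT_EXAMPLE_CALLBACK = 'edd_ajax_get_download_title';

/**
 * List [hook, priority] pairs where $callback serves logged-out AJAX requests.
 * Reading $wp_filter avoids hard-coding the plugin's action name.
 */
function pt_example_nopriv_registrations( $callback ) {
	global $wp_filter;
	$found = array();
	foreach ( $wp_filter as $tag => $hook ) {
		if ( 0 !== strpos( $tag, 'wp_ajax_nopriv_' ) || ! ( $hook instanceof WP_Hook ) ) {
			continue;
		}
		foreach ( $hook->callbacks as $priority => $entries ) {
			foreach ( $entries as $entry ) {
				// Closures and array callables never equal the string name.
				if ( $entry['function'] === $callback ) {
					$found[] = array( $tag, $priority );
				}
			}
		}
	}
	return $found;
}

// Assumption: the plugin has registered its AJAX handlers by the end of init.
add_action( 'init', function () {
	if ( ! wp_doing_ajax() ) {
		return; // Only admin-ajax.php requests dispatch wp_ajax_* actions.
	}
	foreach ( pt_example_nopriv_registrations( PT_EXAMPLE_CALLBACK ) as $reg ) {
		list( $tag, $priority ) = $reg;
		// remove_action() must be given the priority the callback was added with.
		remove_action( $tag, PT_EXAMPLE_CALLBACK, $priority );
	}
}, PHP_INT_MAX );
```

With the handler removed, a logged-out request for that action falls through to WordPress's default `0` response with HTTP 400, while logged-in requests still reach the function. Any storefront feature that relies on this lookup for logged-out visitors stops working until the file is removed after updating.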

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2025-2252

Affected Products

Easy Digital Downloads