CVE-2025-2252

5.3 MEDIUM

📋 TL;DR

The Easy Digital Downloads WordPress plugin exposes private download post titles to unauthenticated users via an AJAX function. This affects all WordPress sites using the plugin up to version 3.3.6.1, allowing attackers to view titles of downloads that should be private.

💻 Affected Systems

Products:
  • Easy Digital Downloads WordPress plugin
Versions: All versions up to and including 3.3.6.1
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all WordPress installations with the vulnerable plugin version enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could map private download offerings, potentially identifying sensitive products or services before they're publicly announced.

🟠 Likely Case

Minimal information disclosure revealing download titles that should remain private, with no access to the actual download content.

🟢 If Mitigated

No impact if the plugin is patched or workarounds are implemented to restrict access to the vulnerable function.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires simple HTTP requests to the vulnerable AJAX endpoint without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.3.6.2 or later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3257409/easy-digital-downloads/trunk/includes/ajax-functions.php

Restart Required: No

Instructions:

1. Log into WordPress admin panel
2. Navigate to Plugins > Installed Plugins
3. Find Easy Digital Downloads
4. Click 'Update Now' if available
5. Or download version 3.3.6.2+ from WordPress.org and manually update

🔧 Temporary Workarounds

Restrict AJAX endpoint access

Block unauthenticated access to the vulnerable AJAX function via web server configuration or security plugin.

# Apache .htaccess example: return 403 for any request whose query string
# carries the vulnerable AJAX action (requires mod_rewrite)
RewriteEngine On
RewriteCond %{QUERY_STRING} action=edd_ajax_get_download_title
RewriteRule ^ - [F]

🧯 If You Can't Patch

  • Disable the Easy Digital Downloads plugin temporarily
  • Implement web application firewall rules to block requests to the vulnerable endpoint

🔍 How to Verify

Check if Vulnerable:

In the WordPress admin panel, open Plugins and check the Easy Digital Downloads version. If it is 3.3.6.1 or lower, the site is vulnerable.

Check Version:

# WordPress CLI
wp plugin get easy-digital-downloads --field=version

Verify Fix Applied:

After updating, verify that the version shown in the WordPress plugins list is 3.3.6.2 or higher.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing 'action=edd_ajax_get_download_title' from unauthenticated users
  • Multiple AJAX requests to /wp-admin/admin-ajax.php with download ID parameters

Network Indicators:

  • Unusual spike in requests to WordPress AJAX endpoints
  • Pattern of requests attempting to enumerate download IDs

SIEM Query:

source="web_logs" AND uri="/wp-admin/admin-ajax.php" AND query="*action=edd_ajax_get_download_title*"
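The log indicators above, turned into detection logic. This is an added example, not part of the advisory or the plugin: it parses constructed Apache combined-format log lines, flags requests to admin-ajax.php carrying the vulnerable action, and groups distinct download IDs per source IP to surface enumeration. The parameter name download_id is an assumption (the advisory only says "download ID parameters").

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2025:10:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=edd_ajax_get_download_title&download_id=101 HTTP/1.1" 200 87 "-" "curl/8.4"
203.0.113.7 - - [10/Mar/2025:10:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=edd_ajax_get_download_title&download_id=102 HTTP/1.1" 200 91 "-" "curl/8.4"
203.0.113.7 - - [10/Mar/2025:10:00:03 +0000] "POST /wp-admin/admin-ajax.php?action=edd_ajax_get_download_title&download_id=103 HTTP/1.1" 200 88 "-" "curl/8.4"
198.51.100.9 - - [10/Mar/2025:10:05:00 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 31 "-" "Mozilla/5.0"
192.0.2.4 - - [10/Mar/2025:10:06:00 +0000] "GET /downloads/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
ACTION = "edd_ajax_get_download_title"   # AJAX action named in the advisory
ID_PARAM = "download_id"                 # assumed parameter name, not from the advisory

def parse_line(line):
    """Parse one access-log line into ip/path/status/action/download_id, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    qs = parse_qs(parts.query)
    return {"ip": m.group("ip"), "path": parts.path, "status": int(m.group("status")),
            "action": qs.get("action", [None])[0], "download_id": qs.get(ID_PARAM, [None])[0]}

def find_title_probes(log_text):
    """Return parsed requests that hit admin-ajax.php with the vulnerable action."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["path"].endswith("/wp-admin/admin-ajax.php") and rec["action"] == ACTION:
            hits.append(rec)
    return hits

def enumeration_sources(hits, threshold=3):
    """Map source IP -> sorted distinct download IDs for IPs probing at least `threshold` IDs."""
    ids_by_ip = defaultdict(set)
    for rec in hits:
        if rec["download_id"] is not None:
            ids_by_ip[rec["ip"]].add(rec["download_id"])
    return {ip: sorted(ids) for ip, ids in ids_by_ip.items() if len(ids) >= threshold}

if __name__ == "__main__":
    probes = find_title_probes(SAMPLE_LOG)
    print(f"{len(probes)} probe(s); enumeration sources: {enumeration_sources(probes)}")
```

If clients send the action in the POST body rather than the query string, standard access logs will not contain it; in that case the SIEM query and this script need request-body logging from the web server or WAF.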
