What the vulnerability does
01Description
Missing Authorization vulnerability in mkscripts Download After Email download-after-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download After Email: from n/a through 2.1.5-2.1.6.
Explanation of Vulnerability in Simple Terms
02Summary
Download After Email contains an authorization bypass that allows unauthenticated attackers to access sensitive information. The vulnerability exists in versions 2.1.5 through 2.1.6 and affects the scope beyond the vulnerable component. No user interaction is required to exploit this issue. Site administrators should update to a version newer than 2.1.6.
What an attacker can do
03Attacker Capabilities
Read sensitive information without logging in or providing credentials.
Potential impact on your site
04Site Impact
Unauthorized users can access data the plugin is designed to protect, potentially exposing customer information.
Conditions required to exploit
05Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06Disclosure timeline
December 18, 2025
CVE published
April 29, 2026
Record updated