A vulnerability classified as critical has been found in fahadmahmood Easy Upload Files During Checkout Plugin up to 3.0.1 on WordPress. Affected is the function ufdc_custom_init of the component File Deletion Handler. The manipulation of the argument eufdc-delete leads to missing authorization.

This vulnerability is listed as CVE-2026-6802. The attack may be initiated remotely. There is no available exploit.