The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NTychesoftwares Order Delivery Date For Woocommerce
APPTychesoftwares< 12.6.0
Powiązane podatności
The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputt...
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Order Delivery Date for WooComme...
Cross-Site Request Forgery (CSRF) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= ...
CSRF i brak autoryzacji w wtyczce Order Delivery Date Pro for WooCommerce umożliwiają przejęcie witryny
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in version...