MEDIUM🇬🇧 English

CVE-2025-2942

CVSS 4.3v3.1pub. 2025-07-11upd. 2025-07-17

The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
  • Tychesoftwares Order Delivery Date For Woocommerce

    APP
    Tychesoftwares
    < 12.6.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-2929HIGH7.1ten sam produkt

The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputt...

CVE-2023-41874HIGH7.1ten sam produkt

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Order Delivery Date for WooComme...

CVE-2023-41858MEDIUM4.3ten sam produkt

Cross-Site Request Forgery (CSRF) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= ...

CVE-2025-2907CRITICAL9.8PL ✓ten sam vendor

CSRF i brak autoryzacji w wtyczce Order Delivery Date Pro for WooCommerce umożliwiają przejęcie witryny

CVE-2023-2986CRITICAL9.8ten sam vendor

The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in version...