The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:LTychesoftwares Order Delivery Date For Woocommerce
APPTychesoftwares< 12.4.0
Related vulnerabilities
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Order Delivery Date for WooComme...
The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and ...
Cross-Site Request Forgery (CSRF) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= ...
CSRF i brak autoryzacji w wtyczce Order Delivery Date Pro for WooCommerce umożliwiają przejęcie witryny
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in version...