MEDIUM🇵🇱 Wersja polska

CVE-2025-2942

CVSS 4.3v3.1pub. 2025-07-11upd. 2025-07-17

The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
  • Tychesoftwares Order Delivery Date For Woocommerce

    APP
    Tychesoftwares
    < 12.6.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-2929HIGH7.1ten sam produkt

The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputt...

CVE-2023-41874HIGH7.1ten sam produkt

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Order Delivery Date for WooComme...

CVE-2023-41858MEDIUM4.3ten sam produkt

Cross-Site Request Forgery (CSRF) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= ...

CVE-2025-2907CRITICAL9.8PL ✓ten sam vendor

CSRF i brak autoryzacji w wtyczce Order Delivery Date Pro for WooCommerce umożliwiają przejęcie witryny

CVE-2023-2986CRITICAL9.8ten sam vendor

The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in version...

CVE-2025-2942 — Tychesoftwares — Order Delivery Date For Woocommerce — MEDIUM — CVSS 4.3 | CVEbaza.pl