CVE-2025-2942

Medium CVSS: 4.3

The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information

Vendor

Tychesoftwares

Product

Order Delivery Date For Woocommerce

CWE

NVD-CWE-noinfo

Yayın Tarihi

2025-07-11 06:15:22

Güncelleme

2025-07-17 00:59:53

Source Identifier

contact@wpscan.com

KEV Date Added

Kategoriler

NVD-CWE-noinfo Order Delivery Date For Woocommerce MEDIUM Tychesoftwares 2025

Referanslar

https://wpscan.com/vulnerability/13a87567-2cf7-4bfb-8d63-a8e74950978f/ https://wpscan.com/vulnerability/13a87567-2cf7-4bfb-8d63-a8e74950978f/

Benzer Kayıtlar

High

CVE-2025-2929

The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputting it bac…

Critical

CVE-2025-2907

The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settin…

High

CVE-2024-13359

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to insufficien…

Medium

CVE-2024-56242

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arc…