PT-2025-17349 · WordPress+1 · Order Delivery Date+1
Erwan Lr
·
Published
2025-04-18
·
Updated
2025-07-15
·
CVE-2025-2942
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Order Delivery Date WordPress plugin versions prior to 12.6.0
Description:
The Order Delivery Date WordPress plugin before version 12.6.0 discloses arbitrary post titles (including draft and private posts) through an unauthenticated AJAX action, potentially allowing attackers to retrieve this information.
Recommendations:
Update the Order Delivery Date WordPress plugin to version 12.6.0 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Order Delivery Date
Order Delivery Date For Woocommerce