CVE-2025-2929

Name of the Vulnerable Software and Affected Versions Order Delivery Date WordPress plugin versions prior to 12.4.0

Description The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the plugin does not properly sanitise and escape a parameter before outputting it back in the page. This could be used against high privilege users such as admin.

Recommendations For versions prior to 12.4.0, update to version 12.4.0 or later to resolve the issue. As a temporary workaround, consider disabling the vulnerable functionality until a patch is available. Restrict access to the plugin's settings to minimize the risk of exploitation. Avoid using the vulnerable parameter in the affected API endpoint until the issue is resolved.