CVE-2025-2942

Published: Jul 11, 2025Modified: Jul 17, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information

Affected (1)

Products: Tychesoftwares: Order Delivery Date For Woocommerce

Tychesoftwares

1 product

Order Delivery Date For Woocommerce

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Tychesoftwares Order Delivery Date For Woocommerce	Before 12.6.0

References (2)

https://wpscan.com/vulnerability/13a87567-2cf7-4bfb-8d63-a8e74950978f/

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/13a87567-2cf7-4bfb-8d63-a8e74950978f/

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.