CVE-2025-2942

Severity: 4.3 MEDIUM
EPSS: 0.1% (top 76.64%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 11

Description

The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post titles (such as those of draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages: 2 packages

Vulnerability Details (2)

GHSA: GHSA-q4cf-5v5q-g7jw: The Order Delivery Date WordPress plugin before 12 (2025-07-11)
CVEList: Order Delivery Date Pro for WooCommerce < 12.6.0 - Unauthenticated Arbitrary Post Title Disclosure (2025-07-11)