Tychesoftwares Order Delivery Date For Woocommerce vulnerabilities

6 known vulnerabilities affecting tychesoftwares/order_delivery_date_for_woocommerce.

Total CVEs

6

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH2MEDIUM3UNKNOWN1

Vulnerabilities

Page 1 of 1

CVE-2025-63024MEDIUMCVSS 5.4≤ 4.3.12025-12-09

CVE-2025-63024 [MEDIUM] CWE-862 CVE-2025-63024: Missing Authorization vulnerability in tychesoftwares Order Delivery Date for WooCommerce order-deli Missing Authorization vulnerability in tychesoftwares Order Delivery Date for WooCommerce order-delivery-date-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Delivery Date for WooCommerce: from n/a through <= 4.3.1.

CVE-2025-58599UNKNOWN≤ 4.1.02025-09-03

CVE-2025-58599 CWE-862 CVE-2025-58599: Missing Authorization vulnerability in tychesoftwares Order Delivery Date for WooCommerce order-deli Missing Authorization vulnerability in tychesoftwares Order Delivery Date for WooCommerce order-delivery-date-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Delivery Date for WooCommerce: from n/a through <= 4.1.0.

CVE-2025-2942MEDIUMCVSS 4.3fixed in 12.6.02025-07-11

CVE-2025-2942 [MEDIUM] CWE-200 CVE-2025-2942: The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information

CVE-2025-2929HIGHCVSS 7.1fixed in 12.4.02025-05-20

CVE-2025-2929 [HIGH] CWE-79 CVE-2025-2929: The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter befo The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CVE-2023-41858HIGHCVSS 8.8≤ 1.22023-10-10

CVE-2023-41858 [HIGH] CWE-352 CVE-2023-41858: Cross-Site Request Forgery (CSRF) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce Cross-Site Request Forgery (CSRF) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= 1.2 versions.

CVE-2023-41874MEDIUMCVSS 6.1≤ 3.20.02023-09-25

CVE-2023-41874 [MEDIUM] CWE-79 CVE-2023-41874: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Order Delivery Date fo Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Order Delivery Date for WooCommerce plugin <= 3.20.0 versions.