CVE-2025-2942

Order Delivery Date Pro for WooCommerce < 12.6.0 - Unauthenticated Arbitrary Post Title Disclosure

Description

The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information

INFO

Published Date :

2025-07-11T06:00:02.439Z

Last Modified :

2025-07-15T13:47:22.514Z

Source :

WPScan

AFFECTED PRODUCTS

The following products are affected by CVE-2025-2942 vulnerability.

Vendors	Products
Tychesoftwares	Order Delivery Date For Woocommerce
Wordpress	Wordpress

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-2942.

URL	Resource
https://wpscan.com/vulnerability/13a87567-2cf7-4bfb-8d63-a8e74950978f/

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact