CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-2942: Order Delivery Date Pro for WooCommerce < 12.6.0 - Unauthenticated Arbitrary Post Title Disclosure

Description

The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information

Classification

CVE ID: CVE-2025-2942

Problem Types

CWE-200 Information Exposure

Affected Products

Vendor: Unknown

Product: Order Delivery Date

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 3.02% (scored less or equal to compared to others)

EPSS Date: 2025-07-15 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-2942
https://wpscan.com/vulnerability/13a87567-2cf7-4bfb-8d63-a8e74950978f/

Timeline

2025-07-11 06:40:16 UTC
CVE

Order Delivery Date Pro for WooCommerce < 12.6.0 - Unauthenticated Arbitrary Post Title Disclosure