Vulnerability in Tychesoftwares Order_delivery_date_for_woocommerce

CVE-2025-2942

The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information

EPSS: 0.003 (16.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N.

Affected products

References

  • contact@wpscan.com (Exploit, technical-description, Third Party Advisory, exploit, vdb-entry)

Frequently asked questions

What is CVE-2025-2942?
CVE-2025-2942 is a medium-severity vulnerability in Tychesoftwares Order_delivery_date_for_woocommerce, classified under CWE-200 INFORMATION EXPOSURE. CVSS score: 4.3/10. Published 2025-07-11.
How severe is CVE-2025-2942?
Medium severity. CVSS v3 base score is 4.3 out of 10.