2 matches found
CVE-2024-13540 WooODT Lite – Delivery & pickup date time location for WooCommerce <= 2.5.1 - Unauthenticated Full Path Dsiclosure
The WooODT Lite – Delivery & pickup date time location for WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.5.1. This is due the /inc/bycwooodtgetallorders.php file being publicly accessible and generating a publicly visible error...
CVE-2024-13540
CVE-2024-13540 (WooODT Lite – Delivery & pickup date time location for WooCommerce) is associated with a Full Path Disclosure vulnerability. The connected Wordfence entry notes that versions up to 2.5.1 expose the file /inc/bycwooodt_get_all_orders.php publicly, enabling unauthenticated disclosur...