Lucene search
K

6 matches found

Patchstack
Patchstack
added 2025/04/28 7:18 a.m.16 views

WordPress Order Delivery Date Pro for WooCommerce plugin < 12.3.1 - Unauthenticated Arbitrary Option Update vulnerability

Unauthenticated Arbitrary Option Update vulnerability discovered by Mike Gozdiskowski in WordPress Plugin Order Delivery Date for WP e-Commerce versions 12.3.1...

9.8CVSS8.3AI score0.01286EPSS
Exploits2References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/04/28 6:32 a.m.16 views

CVE-2025-2907

The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore it also lacks proper checks to only update options relevant to the Order Delivery Date WordPress plugin before 12.3.1. This leads to attackers being able to modi...

9.8CVSS6.8AI score0.01286EPSS
Exploits2References1
Circl
Circl
added 2025/04/26 6:8 a.m.26 views

CVE-2025-2907

creationtimestamp| type| source ---|---|--- 2025-04-26 06:08:44+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/13566 2025-04-26 07:25:43+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lnp7ep2ivca2 2025-04-26...

9.8CVSS8.6AI score0.01286EPSS
Exploits2References8
Cvelist
Cvelist
added 2025/04/26 6:0 a.m.43 views

CVE-2025-2907 Order Delivery Date Pro for WooCommerce < 12.3.1 - Unauthenticated Arbitrary Option Update

The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore it also lacks proper checks to only update options relevant to the Order Delivery Date WordPress plugin before 12.3.1. This leads to attackers being able to modi...

0.01286EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/04/26 6:0 a.m.9 views

CVE-2025-2907 Order Delivery Date Pro for WooCommerce < 12.3.1 - Unauthenticated Arbitrary Option Update

The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore it also lacks proper checks to only update options relevant to the Order Delivery Date WordPress plugin before 12.3.1. This leads to attackers being able to modi...

6.8AI score0.01286EPSS
Exploits2References1
CVE
CVE
added 2025/04/26 6:0 a.m.138 views

CVE-2025-2907

The CVE-2025-2907 issue affects the WordPress plugin Order Delivery Date Pro for WooCommerce (versions before 12.3.1). The root cause is missing authorization and CSRF checks when importing settings, allowing an unauthenticated attacker to update arbitrary options such as default_user_role to adm...

9.8CVSS7AI score0.01286EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder