4 matches found
CVE-2025-2929
The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2025-2929
The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2025-2929
The CVE-2025-2929 entry concerns WordPress plugin Order Delivery Date for WP e-Commerce (pre-12.4.0). The issue is a Reflected Cross-Site Scripting vulnerability caused by insufficient sanitisation/escaping of a parameter before echoing it on a page, with potential impact against high-privilege u...
CVE-2025-2929 Order Delivery Date Pro for WooCommerce < 12.4.0 - Reflected XSS
The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...