Lucene search
K

7 matches found

Cvelist
Cvelist
added 2025/07/11 6:0 a.m.8 views

CVE-2025-2942 Order Delivery Date Pro for WooCommerce < 12.6.0 - Unauthenticated Arbitrary Post Title Disclosure

The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title such as from draft and private posts via an unauthenticated AJAX action, allowing attackers to retrieve such information...

0.00255EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/07/11 6:0 a.m.3 views

CVE-2025-2942 Order Delivery Date Pro for WooCommerce < 12.6.0 - Unauthenticated Arbitrary Post Title Disclosure

The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title such as from draft and private posts via an unauthenticated AJAX action, allowing attackers to retrieve such information...

7.1AI score0.00255EPSS
Exploits1References1
CVE
CVE
added 2025/07/11 6:0 a.m.24 views

CVE-2025-2942

CVE-2025-2942 affects the Order Delivery Date WordPress plugin prior to version 12.6.0. An unauthenticated AJAX action discloses arbitrary post titles (including drafts/private posts), enabling information disclosure. The root cause is an insecure AJAX endpoint that returns post title data withou...

4.3CVSS6.6AI score0.00255EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/18 12:0 a.m.12 views

PT-2025-17349 · WordPress +1 · Order Delivery Date +1

Name of the Vulnerable Software and Affected Versions: Order Delivery Date WordPress plugin versions prior to 12.6.0 Description: The Order Delivery Date WordPress plugin before version 12.6.0 discloses arbitrary post titles including draft and private posts through an unauthenticated AJAX action...

4.3CVSS6.6AI score0.00255EPSS
Exploits1References9
Cvelist
Cvelist
added 2025/03/25 7:4 a.m.16 views

CVE-2025-2252 Easy Digital Downloads – eCommerce Payments and Subscriptions made easy <= 3.3.6.1 - Unauthenticated Private Post Title Disclosure

The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the eddajaxgetdownloadtitle function. This makes it possible for unauthenticated attackers to extract...

5.3CVSS0.00363EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/10/16 7:39 p.m.12 views

CVE-2023-3706 ActivityPub for WordPress < 1.0.0 - Subscriber+ Arbitrary Post Title Disclosure

The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the title of arbitrary post such as draft and private via an IDOR vector...

6.2AI score0.00468EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2023/03/16 12:0 a.m.13 views

WP Tiles <= 1.1.2 - Subscriber+ Draft/Private Post Title Disclosure

The plugin does not ensure that posts to be displayed are not draft/private, allowing any authenticated users, such as subscriber to retrieve the titles of draft and privates posts for example. AN attacker could also retrieve the title of any other type of post. PoC Run the below command in the...

6.5CVSS6.2AI score0.00795EPSS
Exploits2Affected Software1
Rows per page
Query Builder