7 matches found
CVE-2025-2942 Order Delivery Date Pro for WooCommerce < 12.6.0 - Unauthenticated Arbitrary Post Title Disclosure
The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title such as from draft and private posts via an unauthenticated AJAX action, allowing attackers to retrieve such information...
CVE-2025-2942 Order Delivery Date Pro for WooCommerce < 12.6.0 - Unauthenticated Arbitrary Post Title Disclosure
The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title such as from draft and private posts via an unauthenticated AJAX action, allowing attackers to retrieve such information...
CVE-2025-2942
CVE-2025-2942 affects the Order Delivery Date WordPress plugin prior to version 12.6.0. An unauthenticated AJAX action discloses arbitrary post titles (including drafts/private posts), enabling information disclosure. The root cause is an insecure AJAX endpoint that returns post title data withou...
PT-2025-17349 · WordPress +1 · Order Delivery Date +1
Name of the Vulnerable Software and Affected Versions: Order Delivery Date WordPress plugin versions prior to 12.6.0 Description: The Order Delivery Date WordPress plugin before version 12.6.0 discloses arbitrary post titles including draft and private posts through an unauthenticated AJAX action...
CVE-2025-2252 Easy Digital Downloads – eCommerce Payments and Subscriptions made easy <= 3.3.6.1 - Unauthenticated Private Post Title Disclosure
The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the eddajaxgetdownloadtitle function. This makes it possible for unauthenticated attackers to extract...
CVE-2023-3706 ActivityPub for WordPress < 1.0.0 - Subscriber+ Arbitrary Post Title Disclosure
The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the title of arbitrary post such as draft and private via an IDOR vector...
WP Tiles <= 1.1.2 - Subscriber+ Draft/Private Post Title Disclosure
The plugin does not ensure that posts to be displayed are not draft/private, allowing any authenticated users, such as subscriber to retrieve the titles of draft and privates posts for example. AN attacker could also retrieve the title of any other type of post. PoC Run the below command in the...