Order Delivery Date For Woocommerce Security Vulnerabilities and Issues — Order Delivery Date For Woocommerce CVE List

Lucene search

TychesoftwaresOrder Delivery Date For Woocommerce

6 matches found

CVE•added 2025/04/26 6:15 a.m.•77 views

CVE-2025-2907

The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore it also lacks proper checks to only update options relevant to the Order Delivery Date WordPress plugin before 12.3.1. This leads to attackers being able to modify...

9.8CVSS7AI score0.02997EPSS

CVE•added 2024/02/05 10:16 p.m.•37 views

CVE-2024-0678

The Order Delivery Date for WP e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'available-days-tf' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...

6.5CVSS6.1AI score0.00369EPSS

CVE•added 2023/09/25 1:15 a.m.•33 views

CVE-2023-41874

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Order Delivery Date for WooCommerce plugin

7.1CVSS6AI score0.00083EPSS

CVE•added 2023/10/10 9:15 a.m.•31 views

CVE-2023-41858

Cross-Site Request Forgery (CSRF) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin

8.8CVSS6.5AI score0.00147EPSS

CVE•added 2025/05/20 6:15 a.m.•26 views

CVE-2025-2929

The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

7.1CVSS6.1AI score0.0005EPSS

CVE•added 2025/07/11 6:15 a.m.•8 views

CVE-2025-2942

The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information

4.3CVSS6.6AI score0.00028EPSS