Order Delivery Date Pro For Woocommerce
Approved changes feed: RSS · Atom
cpe:2.3:a:tychesoftwares:order_delivery_date_pro_for_woocommerce:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Tychesoftwares (db686eea-abfb-5961-9b4b-c2e0a3dc6e56) |
|---|---|
| Product | Order Delivery Date Pro For Woocommerce (ed443980-562b-5d09-99e7-1d134b90d144) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-2907 |
vulnerable | 2026-06-03 15:00:26.846483 |
Order Delivery Date Pro for WooCommerce < 12.3.1 - Unauthenticated Arbitrary Option Update
The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore it also lacks proper checks to only update options relevant to the Order Delivery Date WordPress plugin before 12.3.1. This leads to attackers being able to modify the default_user_role to administrator and users_can_register, allowing them to register as an administrator of the site for complete site takeover.
Published: 2025-04-26T06:00:05.145Z
Updated: 2025-04-29T15:22:24.627Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.