exploitDog

GHSA-q4cf-5v5q-g7jw

Опубликовано: 11 июл. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 4.3

Описание

The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information

The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information

Ссылки

EPSS

Процентиль: 11%

0.00039

Низкий

4.3 Medium

CVSS3

CVE ID

Связанные уязвимости

CVE-2025-2942

CVSS3: 4.3

nvd

7 месяцев назад

The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information

EPSS

Процентиль: 11%

0.00039

Низкий

4.3 Medium

CVSS3

CVE ID