exploitDog

CVE-2025-2942

Опубликовано: 11 июл. 2025

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information

Ссылки

https://wpscan.com/vulnerability/13a87567-2cf7-4bfb-8d63-a8e74950978f/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/13a87567-2cf7-4bfb-8d63-a8e74950978f/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tychesoftwares:order_delivery_date_for_woocommerce:*:*:*:*:*:wordpress:*:*

Версия до 12.6.0 (исключая)

EPSS

Процентиль: 12%

0.00041

Низкий

4.3 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-q4cf-5v5q-g7jw

CVSS3: 4.3

github

7 месяцев назад

The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information

EPSS

Процентиль: 12%

0.00041

Низкий

4.3 Medium

CVSS3

Дефекты

NVD-CWE-noinfo