Tychesoftwares: >> Order Delivery Date For Woocommerce >> 1.6 Security Vulnerabilities
The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information
CVSS Score
4.3
EPSS Score
0.0
Published
2025-07-11
The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVSS Score
7.1
EPSS Score
0.001
Published
2025-05-20
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Order Delivery Date for WooCommerce plugin <= 3.20.0 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-09-25