CVE-2025-2942

medium

Description

The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information

References

https://wpscan.com/vulnerability/13a87567-2cf7-4bfb-8d63-a8e74950978f/

Details

Source: Mitre, NVD

Published: 2025-07-11

Updated: 2025-07-11

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N