CVE-2025-2942 | THREATINT

Description

The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information

PUBLISHED Reserved 2025-03-28 | Published 2025-07-11 | Updated 2025-07-15 | Assigner WPScan

Problem types

CWE-200 Information Exposure

Product status

Default status

unaffected

2.0 (semver) before 12.6.0

affected

Credits

Erwan LR (WPScan) finder

WPScan coordinator

References

wpscan.com/...rability/13a87567-2cf7-4bfb-8d63-a8e74950978f/ exploit

wpscan.com/...rability/13a87567-2cf7-4bfb-8d63-a8e74950978f/ exploit vdb-entry technical-description

cve.org (CVE-2025-2942)

nvd.nist.gov (CVE-2025-2942)

Download JSON