CVE-2025-63024
Description
Missing Authorization vulnerability in tychesoftwares Order Delivery Date for WooCommerce order-delivery-date-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Order Delivery Date for WooCommerce: from n/a through <= 4.3.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization in Order Delivery Date for WooCommerce up to 4.3.1 allows unprivileged users to access higher-privileged actions.
The Order Delivery Date for WooCommerce plugin versions 4.3.1 and earlier contain a missing authorization vulnerability. The plugin fails to properly enforce access control checks, allowing users with lower privileges to perform actions intended for higher-privileged roles [1].
Exploitation requires user interaction, such as clicking a malicious link or visiting a crafted page. An attacker with a low-privileged account can leverage this broken access control to execute unauthorized functions within the plugin [1].
Successful exploitation could allow an attacker to modify order delivery dates or access sensitive configuration settings, depending on the specific unprotected function. The CVSS score of 5.4 reflects the medium severity of this privilege escalation risk [1].
The vulnerability has been patched in version 4.3.2. Users are strongly advised to update immediately. Patchstack users can enable auto-updates for vulnerable plugins. No workaround is available other than updating [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=4.3.1
- Range: <=4.3.1
Patches
No patches discovered yet.
References