VYPR

Order Delivery Date

by WordPress

CVEs (5)

  • CVE-2024-0678 | Med | Feb 5, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    The Order Delivery Date for WP e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'available-days-tf' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2025-2942 | Jul 11, 2025
    risk 0.00 | cvss - | epss 0.00

    The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post titles (such as those of draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information.

  • CVE-2025-2929 | May 20, 2025
    risk 0.00 | cvss - | epss 0.00

    The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admins.

  • CVE-2025-2907 | Apr 26, 2025
    risk 0.00 | cvss - | epss 0.01

    The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore, it also lacks proper checks to only update options relevant to the Order Delivery Date WordPress plugin before 12.3.1. This leads to attackers…

  • CVE-2023-41858 | Oct 10, 2023
    risk 0.00 | cvss - | epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= 1.2 versions.