CVE-2025-2907 – WordPress Order Delivery Date Plugin Authentication Bypass and CSRF Vulnerability

April 26, 2025

CVE ID : CVE-2025-2907

Published : April 26, 2025, 6:15 a.m. | 1 hour, 13 minutes ago

Description : The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore it also lacks proper checks to only update options relevant to the Order Delivery Date WordPress plugin before 12.3.1. This leads to attackers being able to modify the default_user_role to administrator and users_can_register, allowing them to register as an administrator of the site for complete site takeover.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3906 – Eduzz WooCommerce Unauthorized Data Modification Vulnerability

Next Article CVE-2025-3914 – Airtable Aeropage Sync for WordPress Unauthenticated Arbitrary File Upload Vulnerability

Highlights

CVE-2025-5131 – Tmall Demo Unrestricted File Upload Vulnerability

May 24, 2025

CVE ID : CVE-2025-5131

Published : May 24, 2025, 9:15 p.m. | 3 hours, 39 minutes ago

Description : A vulnerability was found in Tmall Demo up to 20250505. It has been declared as critical. This vulnerability affects the function uploadCategoryImage of the file tmall/admin/uploadCategoryImage. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 4.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: Functionally, a Date

Creating Elastic And Bounce Effects With Expressive Animator

Microsoft shares Insiders preview of Visual Studio 2026

From Data To Decisions: UX Strategies For Real-Time Dashboards

DistroWatch Weekly, Issue 1139

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Can I use React Server Components (RSCs) today?

Can I use React Server Components (RSCs) today?

Perficient Named among Notable Providers in Forrester’s Q3 2025 Commerce Services Landscape

Sarah McDowell Helps Clients Build a Strong AI Foundation Through Salesforce

I Ran Local LLMs on My Android Phone

I Ran Local LLMs on My Android Phone

DistroWatch Weekly, Issue 1139

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

CVE-2025-2907 – WordPress Order Delivery Date Plugin Authentication Bypass and CSRF Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-7416 – Tenda O3V2 HTTPd Stack-Based Buffer Overflow Vulnerability

Envisioning a future where health care tech leaves some behind

Navigating the Digital Transformation Landscape in 2025

How to Set up DNS in Windows Server

CVE-2025-5131 – Tmall Demo Unrestricted File Upload Vulnerability

MixShell Malware Delivered via Contact Forms Targets U.S. Supply Chain Manufacturers

Cyberattack on CoinDCX Triggers $44M Loss, But No Impact on User Wallets

8 AI Tips for Web Developers (and Their Careers)

CVE-2025-2907 – WordPress Order Delivery Date Plugin Authentication Bypass and CSRF Vulnerability

Related Posts