CVE-2025-2942

Published Jul 11, 2025

Last updated 2 days ago

CVSS medium 4.3

Overview

Description: The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information
Source: contact@wpscan.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

CVE-2025-2942: Asus AICloud Router Vulnerability: An improper authentication control vulnerability exists in certain ASUS router firmware series ... potentially leading to unauthorized execution of functions. https://t.co/egSYWqJzou
@router_bugs
18 Apr 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:tychesoftwares:order_delivery_date_for_woocommerce:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2C977CB-8DEF-42C4-8B19-9454FDFC1BA3",
            "versionEndExcluding": "12.6.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References