What the vulnerability does
01Description
Missing Authorization vulnerability in tychesoftwares Order Delivery Date for WooCommerce order-delivery-date-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Delivery Date for WooCommerce: from n/a through <= 4.3.1.
Explanation of Vulnerability in Simple Terms
02Summary
The Order Delivery Date for WooCommerce plugin through version 4.3.1 lacks proper authorization checks on certain administrative functions. An attacker can modify order delivery dates or other order metadata by tricking a site administrator into clicking a malicious link. This affects the integrity of order records but does not expose sensitive data.
What an attacker can do
03Attacker Capabilities
Modify order delivery dates and related order data by tricking an admin into clicking a link.
Potential impact on your site
04Site Impact
Order delivery dates and metadata can be altered without authorization, potentially disrupting fulfillment workflows.
Conditions required to exploit
05Prerequisites
An administrator must click a malicious link or visit an attacker-controlled page while logged in.
Key dates
06Disclosure timeline
December 9, 2025
CVE published
April 28, 2026
Record updated