CVE-2025-2942 Information

Description

The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and private posts) via an unauthenticated AJAX action allowing attackers to retrieve such information

Reference

https://wpscan.com/vulnerability/13a87567-2cf7-4bfb-8d63-a8e74950978f/