Tyche Product Delivery Date Vulnerability

MEDIUM (5.3) No Patch
access-control-vulnerabilitybroken-access-controlphptychewordpress-plugin

Threat Intelligence

Low Risk
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

How we test →

What is it?

Tyche softwares Product Delivery Date for WooCommerce – Lite is a plugin designed to manage product delivery dates in WordPress. This vulnerability allows attackers to bypass access controls, potentially gaining unauthorized access to sensitive data and system configuration.

Am I affected?

You're affected if you use Vulnerability. Affected versions: 2.7.0 If you don't recognise this software, you're probably not affected.

Affected Products

Tyche Software / Product Delivery Date for WooCommerce – Lite

How to fix

  1. Update to Tyche Product Delivery Date for WooCommerce – Lite version 2.7.1 or later from the official GitHub repository: https://github.com/tyche-software/product-delivery-date-for-woocommerce-lite/releases
  2. Immediate mitigations:
    • Restrict network access to your WordPress installation (firewall it from the public internet)
    • Audit plugin activity for suspicious access patterns
    • Monitor for unauthorized changes to product delivery dates

References