The Order Delivery Date plugin for WooCommerce is a popular add-on for e-commerce platforms. This vulnerability allows attackers to exploit incorrectly configured access control security levels, potentially leading to unauthorized access to sensitive data.
You're affected if you use Missing Authorization vulnerability. Affected versions: 4.3.1 If you don't recognise this software, you're probably not affected.
To fix this vulnerability, update to WooCommerce version 5.9.1 or later. Alternatively, apply immediate mitigations:
- Restrict network access to your WordPress installation (firewall it from the public internet)
- Audit plugin activation and deactivation logs for suspicious activity patterns
- Monitor for unauthorized plugin updates