Vulnerabilities and security researches forproduct-delivery-date-for-woocommerce-lite product-delivery-date-for-woocommerce-lite
Direction: descendingJan 10, 2026
Product Delivery Date for WooCommerce – Lite # CVE-2025-69027
- CVE, Research URL
- Date
- Dec 30, 2025
- Research Description
- Missing Authorization vulnerability in tychesoftwares Product Delivery Date for WooCommerce – Lite product-delivery-date-for-woocommerce-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Delivery Date for WooCommerce – Lite: from n/a through <= 3.2.0.
- Affected versions
-
max 3.2.0.
- Status
-
vulnerable
Nov 14, 2024
Product Delivery Date for WooCommerce – Lite # CVE-2024-10882
- CVE, Research URL
- Date
- Nov 13, 2024
- Research Description
- The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
- Affected versions
-
max 2.8.1.
- Status
-
vulnerable
Oct 05, 2024
Product Delivery Date for WooCommerce – Lite # CVE-2024-9345
- CVE, Research URL
- Date
- Oct 04, 2024
- Research Description
- The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is only exploitable when notices are present.
- Affected versions
-
max 2.7.4.
- Status
-
vulnerable
Jul 15, 2024
Product Delivery Date for WooCommerce – Lite # CVE-2024-38702
- CVE, Research URL
- Date
- Nov 01, 2024
- Research Description
- Missing Authorization vulnerability in Tyche Softwares Product Delivery Date for WooCommerce – Lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Product Delivery Date for WooCommerce – Lite: from n/a through 2.7.2.
- Affected versions
-
max 2.7.3.
- Status
-
vulnerable
Jun 10, 2024
Product Delivery Date for WooCommerce – Lite # CVE-2023-52210
- CVE, Research URL
- Date
- Dec 23, 2025
- Research Description
- Vulnerability in Tyche softwares Product Delivery Date for WooCommerce – Lite.This issue affects Product Delivery Date for WooCommerce – Lite: from n/a through 2.7.0.
- Affected versions
-
max 2.7.1.
- Status
-
vulnerable
Jun 06, 2024
Product Delivery Date for WooCommerce – Lite # 36527bf4ff6ec36257379aa2265836722ae78333
- CVE, Research URL
- Date
- Jan 03, 2024
- Research Description
- Product Delivery Date for WooCommerce – Lite [product-delivery-date-for-woocommerce-lite] < 2.7.1 WordPress Product Delivery Date for WooCommerce – Lite Plugin <= 2.7.0 is vulnerable to Broken Access Control Update the WordPress Product Delivery Date for WooCommerce – Lite plugin to the latest available version (at least 2.7.1). Mika discovered and reported this Broken Access Control vulnerability in WordPress Product Delivery Date for WooCommerce – Lite Plugin. A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action. This vulnerability has been fixed in version 2.7.1. Have additional information or questions about this entry? Get in touch.
- Affected versions
-
max 2.7.1.
- Status
-
vulnerable