WordPress Plugin Vulnerabilities

Product Delivery Date for WooCommerce – Lite < 2.7.1 - Missing Authorization

Description

The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the prdd_delete_all_special_delivery() function in versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to delete special deliveries.

Affects Plugins

Plugin icon
product-delivery-date-for-woocommerce-lite
Fixed in 2.7.1

References

CVE
CVE-2023-52210
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/4a32ae77-3d4e-4fd4-a43a-7d1a52dcfa77

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
03078497-03b9-4a97-80d8-1cc8edea1c04

Timeline

Publicly Published
2024-01-03 (about 2 years ago)
Added
2024-01-12 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2026-02-10
Title
Gallery by FooGallery < 3.1.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Gallery Metadata Exposure
Published
2024-09-24
Title
JoomSport < 5.6.4 - Missing Authorization
Published
2025-04-04
Title
MasterStudy LMS < 3.5.29 - Missing Authorization
Published
2026-01-07
Title
ShopMagic < 4.7.3 - Missing Authorization
Published
2026-03-07
Title
Contact Form by WPForms < 1.9.9.4 - Missing Authorization