CVE-2025-2907 Scanner

CVE-2025-2907 Scanner - Arbitrary Option Update vulnerability in Order Delivery Date Pro for WooCommerce

Short Info

Level: Critical
Scan type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 9 days 14 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

Order Delivery Date Pro for WooCommerce is a WordPress plugin that enhances the WooCommerce shopping experience by allowing customers to select preferred delivery dates for their orders. It provides businesses with the ability to offer flexible delivery options and helps streamline the order fulfillment process. The plugin integrates directly with WooCommerce, enabling users to manage delivery date options within their existing ecommerce framework. It supports custom delivery windows, time slots, and even delivery restrictions based on geographic locations. The plugin is widely used by online retailers to improve customer satisfaction and optimize delivery management. It is known for its ease of integration and its ability to be customized to meet various business needs.

This vulnerability affects versions of the Order Delivery Date Pro plugin before 12.3.1. The plugin fails to enforce authorization and CSRF (Cross-Site Request Forgery) protection when importing settings. This oversight allows attackers to manipulate critical core WordPress options such as 'default_role' and 'users_can_register' via an imported configuration file. As a result, an attacker can set the default user role to 'administrator' and enable open user registration, so that any newly registered account receives administrator privileges, allowing full site takeover. The vulnerability is rated critical because it gives unauthenticated attackers a path to administrative access and, from there, complete compromise of the site.

The vulnerability arises from the improper handling of imported settings in the 'orddd_import' function. Attackers can craft a malicious JSON file with specific changes to the 'default_role' and 'users_can_register' options. When imported, these settings allow an attacker to automatically elevate their privileges to an administrator and enable unauthorized registration. This can be done without authentication, making the vulnerability particularly dangerous. The import process does not check the validity of the file or ensure that only authorized users can import such critical settings, thus facilitating the attack.
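The defensive counterpart of the flaw described above is to treat an imported settings file as untrusted and only write keys that belong to the plugin, never core WordPress options. The following added example (not code from the plugin or the scanner vendor) does that on a constructed import and also checks a wp_options snapshot for the post-exploitation state the advisory describes; the 'orddd_' option prefix is an assumption for illustration.

```python
import json

# Assumption: the plugin stores its own settings under an 'orddd_' prefix.
# Anything outside that namespace, including the core options 'default_role'
# and 'users_can_register', is rejected instead of being written.
PLUGIN_PREFIX = "orddd_"


def validate_import(payload: str, prefix: str = PLUGIN_PREFIX):
    """Split an imported settings document into accepted and rejected keys.

    Returns (accepted_dict, rejected_keys). Malformed input is rejected whole
    so a bad file can never be partially applied.
    """
    try:
        data = json.loads(payload)
    except json.JSONDecodeError:
        return {}, ["<invalid JSON>"]
    if not isinstance(data, dict):
        return {}, ["<not an object>"]
    accepted, rejected = {}, []
    for key, value in data.items():
        if isinstance(key, str) and key.startswith(prefix):
            accepted[key] = value
        else:
            rejected.append(key)
    return accepted, rejected


def takeover_indicators(options: dict) -> list:
    """Return the takeover conditions present in a wp_options snapshot.

    WordPress stores option values as strings, so '1' and 1 are both treated
    as enabled.
    """
    findings = []
    if options.get("default_role") == "administrator":
        findings.append("default_role is administrator")
    if str(options.get("users_can_register", "0")) == "1":
        findings.append("users_can_register is enabled")
    return findings


# Constructed sample import: one legitimate plugin setting mixed with the two
# core option overrides the advisory names.
MALICIOUS_IMPORT = json.dumps({
    "orddd_enable_delivery_date": "on",
    "default_role": "administrator",
    "users_can_register": 1,
})

if __name__ == "__main__":
    print(validate_import(MALICIOUS_IMPORT))
    print(takeover_indicators({"default_role": "administrator", "users_can_register": "1"}))
```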

If successfully exploited, this vulnerability allows attackers to completely take over a WooCommerce site by granting themselves administrator privileges. Once an attacker gains administrator access, they can manipulate or delete site data, install malware, steal customer information, or perform other malicious actions. This could result in significant data breaches, financial loss, and damage to the reputation of the affected organization. Since the attack does not require authentication, it can be exploited by anyone, making it a critical security risk for all affected systems.
