{"id":34121,"date":"2025-05-02T03:40:17","date_gmt":"2025-05-02T03:40:17","guid":{"rendered":""},"modified":"2025-05-30T17:53:58","modified_gmt":"2025-05-30T23:53:58","slug":"cve-2025-2907-critical-vulnerability-in-order-delivery-date-wordpress-plugin-could-allow-full-site-takeover","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-2907-critical-vulnerability-in-order-delivery-date-wordpress-plugin-could-allow-full-site-takeover\/","title":{"rendered":"<strong>CVE-2025-2907: Critical Vulnerability in Order Delivery Date WordPress Plugin Could Allow Full Site Takeover<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>In the rapidly evolving landscape of cybersecurity threats, a new vulnerability, CVE-2025-2907, has been identified in the Order Delivery Date WordPress plugin versions prior to 12.3.1. This vulnerability is of particular concern due to its potential for facilitating a complete site takeover by an attacker. It primarily affects website <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-2775-unauthenticated-xxe-vulnerability-in-sysaid-on-prem-versions-leading-to-administrator-account-takeover\/\"  data-wpil-monitor-id=\"43818\">administrators using the mentioned versions<\/a> of the plugin, but the impacts could potentially extend to users and stakeholders of the affected websites. The <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-1290-high-severity-race-condition-use-after-free-vulnerability-in-kernel-5-4-on-chromeos\/\"  data-wpil-monitor-id=\"41782\">severity of this vulnerability<\/a> underscores the necessity for urgent attention and remediation.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-2907<br \/>\nSeverity: Critical (9.8 CVSS Score)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: None<br \/>\nImpact: <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-32857-sql-injection-vulnerability-in-telecontrol-server-basic-leading-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"39957\">Potential system<\/a> compromise or data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p><div id=\"ameeb-3501727861\" class=\"ameeb-content-2 ameeb-entity-placement\"><div style=\"border-left: 4px solid #555; padding-left: 20px; margin: 48px 0; font-family: Roboto, sans-serif; color: #ffffff; line-height: 1.6; max-width: 700px;\">\r\n  <h2 style=\"margin-top: 0; font-size: 20px; font-weight: 600; display: flex; align-items: center;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"display: inline-flex; align-items: center; margin-right: 8px;\">\r\n      <img decoding=\"async\" src=\"https:\/\/www.ameeba.com\/blog\/wp-content\/uploads\/2025\/10\/Best-App-icon-Ameeba.png\" alt=\"Ameeba Chat Icon\" style=\"width: 40px; height: 40px;\" \/>\r\n    <\/a>\r\n    A new way to communicate\r\n  <\/h2>\r\n\r\n  <p style=\"margin-bottom: 12px;\">\r\n    Ameeba Chat is built on encrypted identity, not personal profiles.\r\n  <\/p>\r\n\r\n  <p style=\"margin-bottom: 16px;\">\r\n    Message, call, share files, and coordinate with identities kept separate.\r\n  <\/p>\r\n\r\n  <ul style=\"list-style: none; padding-left: 0; margin-bottom: 20px;\">\r\n    <li>\u2022 Encrypted identity<\/li>\r\n    <li>\u2022 Ameeba Chat authenticates access<\/li>\r\n    <li>\u2022 Aliases and categories<\/li>\r\n    <li>\u2022 End-to-end encrypted chat, calls, and files<\/li>\r\n    <li>\u2022 Secure notes for sensitive information<\/li>\r\n  <\/ul>\r\n\r\n  <p style=\"font-style: italic; font-weight: 600; margin-bottom: 24px;\">\r\n    Private communication, rethought.\r\n  <\/p>\r\n\r\n  <div style=\"display: flex; flex-wrap: wrap; gap: 12px;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\/download\" style=\"background-color: #ffffff; color: #000000; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Download Ameeba Chat<\/a>\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"border: 1px solid #ffffff; color: #ffffff; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Learn More<\/a>\r\n  <\/div>\r\n<\/div>\r\n<\/div>\n<p>Product | Affected Versions<\/p>\n<p>Order Delivery Date <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-3520-wordpress-avatar-plugin-arbitrary-file-deletion-vulnerability\/\"  data-wpil-monitor-id=\"40747\">WordPress Plugin<\/a> | before 12.3.1<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-32843-sql-injection-vulnerability-in-telecontrol-server-basic-leading-to-authorization-bypass-and-data-manipulation\/\"  data-wpil-monitor-id=\"39958\">vulnerability resides in the lack of authorization<\/a> and Cross-Site Request Forgery (CSRF) checks during the import of settings in the Order Delivery Date WordPress plugin. Additionally, there is an absence of adequate checks to update only those options that are relevant to the plugin. This opens up a pathway for attackers to modify the default_user_role to &#8216;administrator&#8217; and alter the &#8216;users_can_register&#8217; option. Consequently, the attacker can register themselves as an administrator of the site, leading to a complete site takeover.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p><div id=\"ameeb-310477144\" class=\"ameeb-content ameeb-entity-placement\"><div class=\"poptin-embedded\" data-id=\"f6b387694f681\"><\/div>\r\n\r\n\r\n\r\n\r\n\r\n<\/div>\n<p>The following is a conceptual example of how the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-47154-exploitation-of-use-after-free-vulnerability-in-libjs-in-ladybird\/\"  data-wpil-monitor-id=\"42928\">vulnerability might be exploited<\/a>. This is a hypothetical <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-4829-critical-buffer-overflow-vulnerability-in-totolink-http-post-request-handler\/\"  data-wpil-monitor-id=\"52227\">HTTP request<\/a>, which an attacker could use to modify the default_user_role and users_can_register options.<\/p>\n<pre><code class=\"\" data-line=\"\">POST \/wp-admin\/options.php HTTP\/1.1\nHost: target.example.com\nContent-Type: application\/x-www-form-urlencoded\ndefault_user_role=administrator&amp;users_can_register=1&amp;option_page=general&amp;action=update&amp;_wpnonce=c6c13b4732&amp;_wp_http_referer=%2Fwp-admin%2Foptions-general.php<\/code><\/pre>\n<p><strong>Mitigation Guidance<\/strong><\/p>\n<p>Website administrators using the Order Delivery Date <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2024-13418-critical-arbitrary-file-upload-vulnerability-in-multiple-wordpress-plugins-and-themes\/\"  data-wpil-monitor-id=\"42927\">WordPress plugin<\/a> should immediately upgrade to version 12.3.1 or later. If an immediate patch is not feasible, using a Web Application Firewall (WAF) or an Intrusion Detection System (IDS) can serve as temporary mitigation. However, these are not long-term solutions and the vulnerability should be patched as soon as possible to prevent potential <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-23176-sql-injection-vulnerability-poses-serious-threat-to-data-security\/\"  data-wpil-monitor-id=\"39956\">site<\/a> compromise or data leakage.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview In the rapidly evolving landscape of cybersecurity threats, a new vulnerability, CVE-2025-2907, has been identified in the Order Delivery Date WordPress plugin versions prior to 12.3.1. This vulnerability is of particular concern due to its potential for facilitating a complete site takeover by an attacker. It primarily affects website administrators using the mentioned versions [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[90],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-34121","post","type-post","status-publish","format-standard","hentry","category-uncategorized","attack_vector-csrf"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/34121","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=34121"}],"version-history":[{"count":6,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/34121\/revisions"}],"predecessor-version":[{"id":46727,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/34121\/revisions\/46727"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=34121"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=34121"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=34121"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=34121"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=34121"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=34121"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=34121"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=34121"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=34121"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}