CVE-2025-2907 PoC — Order Delivery Date Pro for WooCommerce < 12.3.1 - Unauthenticated Arbitrary Option Update

Associated Vulnerability
Title: Order Delivery Date Pro for WooCommerce < 12.3.1 - Unauthenticated Arbitrary Option Update (CVE-2025-2907)
Description: The Order Delivery Date WordPress plugin before 12.3.1 has no authorization or CSRF checks when importing settings. It also does not restrict the import to options that belong to the plugin. As a result, attackers can change default_user_role to administrator and change users_can_register, which lets them register as an administrator of the site and take it over completely.
File Snapshot

[4.0K] /data/pocs/ffe621647e8a3031fe81422d8c5ac4746ecfc5fa
├── [1.9K] CVE-2025-2907.py
├── [1.6K] readme.md
└── [   9] requirements.txt

0 directories, 3 files