A high-severity vulnerability has been identified in the WordPress Order Delivery Date for WooCommerce Plugin. This security concern, originally discovered and reported by Phd, falls under the category of Cross-Site Scripting (XSS) vulnerabilities. This vulnerability could allow an attacker to inject malicious scripts into the affected website, potentially compromising the security of the website and its visitors.

The flaw is in the order-delivery-date-for-woocommerce.php file. Because of the way the plugin handles user input there, an attacker can inject malicious scripts into the affected website.

Severity:

The vulnerability has a CVSS 3.1 score of 7.1, which is considered to be high. This means that the vulnerability is likely to be exploited and could have a significant impact on the affected system.

Affected Versions:

The vulnerability affects all versions of the Order Delivery Date for WooCommerce Plugin prior to 3.20.1.

Impact:

An attacker who successfully exploits this vulnerability could inject malicious scripts into the affected website, such as:

  • Redirects
  • Advertisements
  • Other HTML payloads

These malicious scripts could then be executed by visitors to the website, potentially leading to a variety of security risks, such as:

  • Phishing attacks
  • Malware infections
  • Identity theft

Recommendation:

Considering the critical nature of this vulnerability, users of the Order Delivery Date for WooCommerce Plugin are strongly advised to take the following actions:

  • Immediate Update: Ensure that the WordPress Order Delivery Date for WooCommerce Plugin is updated to at least version 3.20.1 or the latest available version. This update includes vital security fixes to mitigate the XSS vulnerability and enhance the overall security of the plugin.
  • Regular Security Audits: Implement routine security audits for the WordPress website to detect and address vulnerabilities promptly.
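
To support the update and audit steps above, the following added example (not code from the plugin or its vendor) scans a directory tree for copies of order-delivery-date-for-woocommerce.php and flags any whose `Version:` header is below 3.20.1. It assumes the plugin's main file carries a standard WordPress header comment; the `demo()` tree is constructed sample data.

```python
import re
import sys
import tempfile
from pathlib import Path

FIXED = "3.20.1"  # first fixed version, per the advisory
MAIN_FILE = "order-delivery-date-for-woocommerce.php"  # file named in the advisory
# WordPress reads "Version:" from the header comment in the first 8 KB of the main file.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.I | re.M)

def parse_version(text):
    """Return the Version header value, or None if the header is missing."""
    m = VERSION_RE.search(text[:8192])
    return m.group(1) if m else None

def version_key(version):
    """Numeric tuple so that 3.9 < 3.20.1 (a plain string comparison gets this wrong)."""
    parts = [int(p) for p in re.findall(r"\d+", version)][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def status_of(version):
    if version is None:
        return "unknown"  # header missing or unreadable: needs a manual look
    return "vulnerable" if version_key(version) < version_key(FIXED) else "patched"

def audit(root):
    """Find every copy of the plugin under root; return sorted (path, version, status)."""
    found = []
    for path in Path(root).rglob(MAIN_FILE):
        version = parse_version(path.read_text(errors="replace"))
        found.append((str(path.relative_to(root)), version, status_of(version)))
    return sorted(found)

def demo():
    """Run the audit over a constructed tree of three sites (sample data, not real)."""
    with tempfile.TemporaryDirectory() as tmp:
        for site, ver in (("a", "3.9"), ("b", "3.20.1"), ("c", None)):
            d = Path(tmp, site, "wp-content", "plugins", "order-delivery-date-for-woocommerce")
            d.mkdir(parents=True)
            line = f" * Version: {ver}\n" if ver else ""
            (d / MAIN_FILE).write_text(f"<?php\n/**\n * Plugin Name: Sample\n{line} */\n")
        return audit(tmp)

if __name__ == "__main__":
    rows = audit(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for path, version, status in rows:
        print(f"{status:10} {version or '-':8} {path}")
```

Pass the directory that holds your WordPress installs as the first argument to audit real sites; with no argument the script runs against the constructed sample tree.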