CVE-2025-58599
BaseFortify
Publication date: 2025-09-03
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tychesoftwares | order_delivery_date_for_woocommerce | 4.1.0 |
| tychesoftwares | order_delivery_date_for_woocommerce | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Broken Access Control issue in the WordPress Order Delivery Date for WooCommerce plugin (up to version 4.1.0). It occurs due to missing authorization, authentication, or nonce token checks in certain plugin functions, which can allow users with low-level access (Subscriber-level) to perform actions that should be restricted to higher-privileged users. [1]
How can this vulnerability impact me? :
The vulnerability could allow unprivileged users to perform unauthorized actions within the plugin, potentially leading to misuse or manipulation of order delivery settings. However, it has a low severity rating (CVSS 4.3) and is considered unlikely to be exploited. If exploited, it could impact the integrity of order delivery data or settings. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking the version of the Order Delivery Date for WooCommerce plugin installed on your WordPress site. You can verify the plugin version via the WordPress admin dashboard or by running commands on the server such as: `wp plugin list` (using WP-CLI) to list installed plugins and their versions. Additionally, monitoring for unauthorized actions performed by Subscriber-level users may indicate exploitation attempts. There are no specific commands provided for direct detection of the vulnerability itself. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Order Delivery Date for WooCommerce plugin to version 4.2.0 or later, where the vulnerability is fixed. If updating immediately is not possible, consider applying virtual patching (vPatching) offered by Patchstack to automatically mitigate the vulnerability without impacting performance. Also, enable auto-updates for the plugin to ensure timely patching. In case of suspected compromise, engage professional incident response and perform server-side malware scanning rather than relying on plugin-based malware scanners. [1]