CVE-2025-2907
Overview
The Order Delivery Date Pro for WooCommerce plugin (pre-12.3.1) includes a flawed settings import feature that lacks both authorization and CSRF protections. Additionally, it fails to validate which WordPress options are being updated. As a result, attackers can manipulate critical options such as default_user_role and users_can_register ,enabling them to register as administrators and fully compromise the site. NVDwiz.ioWPScan
Severity & Risk Profile:
- CVSS v3.1 Base Score: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WPScan - EPSS (Exploit Prediction Scoring System): High likelihood (~6.2% probability, 90th percentile) wiz.io
- CWE Classification: CWE-862 - Missing Authorization WPScan
Mitigation:
Update the plugin to version 12.3.1 or later, which includes proper authorization and CSRF protections for the import functionality. wiz.io
Question.
Would you like to continue with a challenge question?
Vulnerability Mechanism
Identify the security flaw exploited by CVE-2025-2907.
Question:
What type of security flaw does CVE20252907 exploit?
A) SQL Injection
B) Missing Authorization and CSRF in settings import
C) Buffer Overflow
D) Cross-Site Scripting (XSS)
Privilege Escalation Path
Determine which WordPress options can be modified by an attacker through a privilege escalation vulnerability.
Question:
Which WordPress options can an attacker modify via this vulnerability?
A) Site title and tagline
B) default_user_role and users_can_register
C) Theme color settings
D) Timezone and date format
Exploit Requirements
Identify the required privilege level to exploit the vulnerability.
Question:
What level of privilege is needed to exploit this?
A) Admin login
B) Authenticated subscriber
C) No authentication required
D) Editor credentials
Severity Rating
Determine the CVSS v3.1 base score for the vulnerability's severity.
Qusetion:
What is the CVSS v3.1 base score for this vulnerability?
A) 5.0 (Medium)
B) 7.5 (High)
C) 9.8 (Critical)
D) 4.3 (Low)
Exploit Prediction
Assess the likelihood of exploitation based on the Exploit Prediction Scoring System (EPSS).
Question:
How likely is this vulnerability to be exploited (EPSS)?
A) Very low (<1%)
B) Moderate (~3%)
C) High (~6%)
D) Near certain (>50%)
Weakness Classification
Identify the CWE classification associated with CVE-2025-2907.
Question:
Which CWE is associated with CVE-2025-2907?
A) CWE-79 (XSS)
B) CWE-352 (CSRF)
C) CWE-862 (Missing Authorization)
D) CWE-94 (Code Injection)
Mitigation Recommendation
Determine the recommended fix to remediate the vulnerability.
Question:
What's the recommended fix to remediate this vulnerability?
A) Disable plugin functionality
B) Apply OS-level firewall rules
C) Upgrade plugin to version ≥ 12.3.1
D) Require manual user approval
Attack Mechanics
Question:
How might an attacker exploit this via a CTF-like PoC?
A) Upload arbitrary PHP files
B) POST malicious JSON to admin-ajax.php under the orddd_import action
C) Alter plugin .php files directly
D) Inject SQL via URL parameter
CTF Simulation Setup
Identify an additional security measure to protect against similar vulnerabilities beyond just patching.
Question:
In a lab environment, how would you simulate this vulnerability?
A) Replace wp-login.php with a shell
B) Craft a multipart POST to import options granting admin registration
C) Inject JavaScript into the theme header
D) Modify database via SQL injection