PatchSiren cyber security CVE debrief
CVE-2026-42386 tychesoftwares CVE debrief
CVE-2026-42386 is a critical unauthenticated SQL injection vulnerability in the Order Delivery Date for WooCommerce plugin. The vulnerability has a CVSS score of 9.3 and was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-42386). The affected plugin versions are <= 4.5.1.
- Vendor
- tychesoftwares
- Product
- Order Delivery Date for WooCommerce
- CVSS
- CRITICAL 9.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Administrators and users of WordPress sites with the Order Delivery Date for WooCommerce plugin installed should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is caused by an unauthenticated SQL injection weakness in the Order Delivery Date for WooCommerce plugin. This allows attackers to inject malicious SQL code, potentially leading to data breaches and other security issues.
Defensive priority
High
Recommended defensive actions
- Update the Order Delivery Date for WooCommerce plugin to a version greater than 4.5.1.
- Monitor your WordPress site for suspicious activity.
- Consider implementing additional security measures, such as firewall rules and intrusion detection systems.
Evidence notes
The vulnerability was reported by Patchstack and is tracked under [ref-4](https://patchstack.com/database/wordpress/plugin/order-delivery-date-for-woocommerce/vulnerability/wordpress-order-delivery-date-for-woocommerce-plugin-4-5-1-sql-injection-vulnerability?_s_id=cve).
Official resources
-
CVE-2026-42386 CVE record
CVE.org
-
CVE-2026-42386 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-42386 was published on 2026-06-15T21:16:54.233Z and modified on 2026-06-15T21:24:32.790Z.