CVE-2024-32434: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in Tyche Softwares Order Delivery Date for WooCommerce plugin, affecting versions through 3.20.2. The vulnerability was discovered and reported by Dhabaleshwar Das on January 25, 2024, and was assigned CVE-2024-32434. This security issue affects the WordPress plugin's functionality and was publicly disclosed on April 12, 2024 (Patchstack).

The vulnerability has been assessed with a CVSS v3.1 Base Score of 4.3 (MEDIUM) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The issue is classified under CWE-352 (Cross-Site Request Forgery) and requires user interaction to be exploited. The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication (Patchstack).

The vulnerability has been classified as having a low severity impact. If exploited, it could allow attackers to make authenticated users perform unintended actions on the affected WordPress sites running the vulnerable plugin version (Patchstack).

The vulnerability has been fixed in version 3.21.0 of the Order Delivery Date for WooCommerce plugin. Users are advised to update to version 3.21.0 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins as an additional security measure (Patchstack).