CVE-2025-58599: 
WordPress vulnerability analysis and mitigation

The CVE-2025-58599 is a Missing Authorization vulnerability affecting tychesoftwares Order Delivery Date for WooCommerce plugin through version 4.1.0. The vulnerability allows exploiting incorrectly configured access control security levels, enabling authenticated users with Subscriber-level access and above to perform unauthorized actions (Rapid7, NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.3 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs low privileges, and doesn't require user interaction. The impact primarily affects integrity with low severity, while confidentiality and availability remain unaffected (Patchstack).

The vulnerability allows authenticated attackers with Subscriber-level access or higher to perform unauthorized actions within the WooCommerce Order Delivery Date plugin. The impact is primarily focused on integrity with low severity, while maintaining no impact on system confidentiality or availability (Rapid7).

Users are advised to update to version 4.2.0 or later of the Order Delivery Date for WooCommerce plugin to address this vulnerability. The security issue has been classified as having a low severity impact and is considered unlikely to be exploited (Patchstack).