WooODT Lite allows attackers to pretend to be any user

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.5

WooODT Lite allows attackers to pretend to be any user

CVE-2025-69401

Summary

WooODT Lite, a plugin for WooCommerce, has a security weakness that lets attackers pretend to be any user, which can lead to unauthorized changes to orders or other sensitive information. This issue affects versions 1.0 through 2.5.2 of WooODT Lite, so update to the latest version to fix the issue.

Original title

Authentication Bypass by Spoofing vulnerability in mdalabar WooODT Lite byconsole-woo-order-delivery-time allows Identity Spoofing.This issue affects WooODT Lite: from n/a through <= 2.5.2.

Original description

Authentication Bypass by Spoofing vulnerability in mdalabar WooODT Lite byconsole-woo-order-delivery-time allows Identity Spoofing.This issue affects WooODT Lite: from n/a through <= 2.5.2.

nvd CVSS3.1 7.5

Vulnerability type

CWE-290

https://patchstack.com/database/Wordpress/Plugin/byconsole-woo-order-delivery-ti...

Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026