CVE-2025-2907 — The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore it also lacks proper checks to only update options relevant to t — CVE Database · The Intelligence Room