CVE-2026-39583
Datalogics · Ecommerce Delivery
An unauthenticated privilege escalation vulnerability exists in the Datalogics Ecommerce Delivery WordPress plugin, allowing attackers to gain administrative access.
Executive summary
The Datalogics Ecommerce Delivery plugin is affected by a critical privilege escalation vulnerability that allows unauthenticated attackers to gain administrative control over the application.
Vulnerability
This vulnerability allows unauthenticated attackers to elevate their privileges to that of an administrator within the Datalogics Ecommerce Delivery plugin for WordPress, bypassing standard security controls.
Business impact
Exploitation of this vulnerability grants full administrative access to the affected WordPress installation. Given the CVSS score of 9.8, this represents a critical risk that could lead to complete system compromise, unauthorized data exfiltration, and the deployment of malicious payloads, causing significant reputational and operational damage.
Remediation
Immediate Action: Update the Datalogics Ecommerce Delivery plugin to version 2.6.63 or later.
Proactive Monitoring: Review WordPress user access logs for suspicious account creation or modifications to administrative user roles.
Compensating Controls: Deploy a Web Application Firewall (WAF) with rules configured to detect and block unauthorized attempts to access administrative functions or modify user privileges.
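The update check and the administrator review from the remediation steps above, as an added example that is not part of the original advisory or the plugin's code. It assumes the administrator list was exported with WP-CLI (`wp user list --role=administrator --fields=ID,user_login,user_registered --format=csv`); the account names, the baseline set and the review window start are constructed sample values.

```python
import csv
import io
from datetime import datetime

FIXED_VERSION = (2, 6, 63)  # first fixed release named in the advisory


def parse_version(text):
    """'2.6.9' -> (2, 6, 9). Assumes a dotted-numeric version string."""
    return tuple(int(part) for part in text.strip().split("."))


def is_vulnerable(installed):
    # Numeric comparison: as strings, "2.6.9" would wrongly sort after "2.6.63".
    return parse_version(installed) < FIXED_VERSION


def suspicious_admins(csv_text, known_admins, window_start):
    """Flag administrators missing from the baseline or registered in the window.

    A role change on an existing account leaves user_registered untouched, so
    the baseline comparison is what catches a promoted low-privilege user.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        if row["user_login"] not in known_admins:
            reasons.append("not in baseline")
        if registered >= window_start:
            reasons.append("registered in review window")
        if reasons:
            findings.append((row["user_login"], reasons))
    return findings


# Constructed sample export; not data from a real site.
SAMPLE_ADMINS = """ID,user_login,user_registered
1,siteowner,2021-03-14 09:12:44
7,ops-admin,2023-11-02 16:40:01
23,jsmith,2022-06-30 11:05:10
58,wp_support01,2026-04-09 03:17:29
"""
KNOWN_ADMINS = {"siteowner", "ops-admin"}  # constructed baseline
WINDOW_START = datetime(2026, 1, 1)        # assumed start of the review period

if __name__ == "__main__":
    print("2.6.9 vulnerable:", is_vulnerable("2.6.9"))
    for login, reasons in suspicious_admins(SAMPLE_ADMINS, KNOWN_ADMINS, WINDOW_START):
        print(f"review {login}: {', '.join(reasons)}")
```

Any account flagged only as "not in baseline" predates the review window, which points to a role change rather than a new registration.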
Exploitation status
Public Exploit Available: False
Analyst recommendation
This vulnerability presents a severe risk to the integrity of the affected environment. Administrators must prioritize updating the plugin to version 2.6.63 or later to mitigate the risk of administrative takeover.