Home

Description

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to product price manipulation in all versions up to, and including, 5.1.2. This is due to a logic flaw involving the inconsistent use of parameters during the cart addition process. The plugin uses the parameter 'product_tmp_two' for computing a security hash against price tampering while using 'wspsc_product' to display the product, allowing an unauthenticated attacker to substitute details from a cheaper product and bypass payment for a more expensive item.

PUBLISHED Reserved 2025-04-11 | Published 2025-04-23 | Updated 2025-04-23 | Assigner Wordfence




HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Problem types

CWE-472 External Control of Assumed-Immutable Web Parameter

Product status

Default status
unaffected

* (semver)
affected

Timeline

2025-04-22:Disclosed

Credits

Jack Taylor finder

References

www.wordfence.com/...-adc4-4633-a6a1-32ba50894be4?source=cve

plugins.trac.wordpress.org/...ags/5.1.2/wp_shopping_cart.php

plugins.trac.wordpress.org/...ags/5.1.2/wp_shopping_cart.php

plugins.trac.wordpress.org/...ags/5.1.2/wp_shopping_cart.php

plugins.trac.wordpress.org/...ags/5.1.2/wp_shopping_cart.php

www.tipsandtricks-hq.com/...-paypal-shopping-cart-plugin-768

plugins.trac.wordpress.org/changeset/3275373/

cve.org (CVE-2025-3530)

nvd.nist.gov (CVE-2025-3530)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.