CVE-2025-3743 – WooCommerce Upsell Funnel Builder Order Manipulation Vulnerability

April 25, 2025

CVE ID : CVE-2025-3743

Published : April 25, 2025, 7:15 a.m. | 15 minutes ago

Description : The Upsell Funnel Builder for WooCommerce plugin for WordPress is vulnerable to order manipulation in all versions up to, and including, 3.0.0. This is due to the plugin allowing the additional product ID and discount field to be manipulated prior to processing via the ‘add_offer_in_cart’ function. This makes it possible for unauthenticated attackers to arbitrarily update the product associated with any order bump, and arbitrarily update the discount applied to any order bump item, when adding it to the cart.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3866 – Google Plus One Social Share Button CSRF Vulnerability

Next Article CVE-2025-2238 – Vikinger WordPress Privilege Escalation Vulnerability

Highlights

CVE-2025-5170 – LliSoft MTA Maita Training System SQL Injection Vulnerability

May 26, 2025

CVE ID : CVE-2025-5170

Published : May 26, 2025, 5:15 a.m. | 3 hours, 56 minutes ago

Description : A vulnerability classified as critical was found in llisoft MTA Maita Training System 4.5. This vulnerability affects the function AdminShitiListRequestVo of the file comllisoftcontrolleradminshitiAdminShitiController.java. The manipulation of the argument stTypeIds leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

From Data To Decisions: UX Strategies For Real-Time Dashboards

Honeycomb launches AI observability suite for developers

Low-Code vs No-Code Platforms for Node.js: What CTOs Must Know Before Investing

ServiceNow unveils Zurich AI platform

DistroWatch Weekly, Issue 1139

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Optimizely Mission Control – Part III

Optimizely Mission Control – Part III

Learning from PHP Log to File Example

Online EMI Calculator using PHP – Calculate Loan EMI, Interest, and Amortization Schedule

DistroWatch Weekly, Issue 1139

DistroWatch Weekly, Issue 1139

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

Dmitry — The Deep Magic

CVE-2025-3743 – WooCommerce Upsell Funnel Builder Order Manipulation Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

13 Best Free and Open Source Terminal-Based Podcast Tools

How to Change Redirect After Login/Register in Laravel Breeze

CVE-2023-7308 – NSFOCUS SecGate3600 Authentication Bypass Information Disclosure

CVE-2025-4633 – Airpointer Default Credentials Vulnerability

CVE-2025-5170 – LliSoft MTA Maita Training System SQL Injection Vulnerability

Top 7 High-Paying Affiliate Programs for Developers and Content Creators

Several Ubisoft games can now be purchased in the Xbox PC app, including Assassin’s Creed Shadows and Watch Dogs 2

CVE-2025-6181 – StrongDM Windows Privilege Escalation Remote Code Execution

CVE-2025-3743 – WooCommerce Upsell Funnel Builder Order Manipulation Vulnerability

Related Posts