CVE-2025-3743 – WooCommerce Upsell Funnel Builder Order Manipulation Vulnerability

April 25, 2025

CVE ID : CVE-2025-3743

Published : April 25, 2025, 7:15 a.m. | 15 minutes ago

Description : The Upsell Funnel Builder for WooCommerce plugin for WordPress is vulnerable to order manipulation in all versions up to, and including, 3.0.0. This is due to the plugin allowing the additional product ID and discount field to be manipulated prior to processing via the ‘add_offer_in_cart’ function. This makes it possible for unauthenticated attackers to arbitrarily update the product associated with any order bump, and arbitrarily update the discount applied to any order bump item, when adding it to the cart.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3866 – Google Plus One Social Share Button CSRF Vulnerability

Next Article CVE-2025-2238 – Vikinger WordPress Privilege Escalation Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

How To Fix Largest Contentful Paint Issues With Subpart Analysis

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Prevent WordPress SQL Injection Attacks

Microsoft finally ships controversial Windows 11 ‘Recall’ feature after year-long delay — now rolling out to all Copilot+ PCs

Oblivion Remastered loses the most helpful settings on PC thanks to a botched Game Pass update

Best PC gaming desktops for playing The Elder Scrolls 4: Oblivion Remastered in 2025

As big hitting Xbox first-party titles head to PlayStation 5, which games would you like to see head the other way?

Perficient Included in IDC Market Glance: Healthcare Provider Operational IT Solutions, 1Q25

Perficient Included in IDC Market Glance: Healthcare Provider Operational IT Solutions, 1Q25

Natural Language Q&A in Optimizely CMS Using Azure OpenAI and AI Search

Closing Deals Faster: The Future of Sales with AI & Personalization

Microsoft finally ships controversial Windows 11 ‘Recall’ feature after year-long delay — now rolling out to all Copilot+ PCs

Microsoft finally ships controversial Windows 11 ‘Recall’ feature after year-long delay — now rolling out to all Copilot+ PCs

Oblivion Remastered loses the most helpful settings on PC thanks to a botched Game Pass update

Best PC gaming desktops for playing The Elder Scrolls 4: Oblivion Remastered in 2025

CVE-2025-3743 – WooCommerce Upsell Funnel Builder Order Manipulation Vulnerability

April 2025 Patch Tuesday: One Zero-Day and 11 Critical Vulnerabilities Among 121 CVEs

SAP Confirms Critical NetWeaver Flaw Amid Suspected Zero-Day Exploitation by Hackers

6 ways continuous learning can advance your career

Jay Parikh, former Meta exec, helms Microsoft’s new AI division for platforms & tools

Better xCloud lets you play on Xbox Cloud Gaming at a higher bitrate, but there’s a catch

Unable to find XPath for mouse hover

CISA Releases 2024 SAFECOM Guidance: Boosting Emergency Communications Nationwide

Cerebras CEO on DeepSeek: Every time computing gets cheaper, the market gets bigger

Cancellation, Part 5: Registration

Advancing Medical Reasoning with Reinforcement Learning from Verifiable Rewards (RLVR): Insights from MED-RLVR

CVE-2025-3743 – WooCommerce Upsell Funnel Builder Order Manipulation Vulnerability

Related Posts