CVE-2025-3874 – WordPress Simple Shopping Cart Insecure Direct Object Reference

May 1, 2025

CVE ID : CVE-2025-3874

Published : May 1, 2025, 12:15 p.m. | 53 minutes ago

Description : The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 due to lack of randomization of a user controlled key. This makes it possible for unauthenticated attackers to access customer shopping carts and edit product links, add or delete products, and discover coupon codes.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3889 – WordPress Simple Shopping Cart Insecure Direct Object Reference

Next Article CVE-2025-1529 – WordPress AM LottiePlayer Stored Cross-Site Scripting Vulnerability

ScyllaDB X Cloud’s autoscaling capabilities meet the needs of unpredictable workloads in real time

Parasoft C/C++test 2025.1, Secure Code Warrior AI Security Rules, and more – Daily News Digest

What I Wish Someone Told Me When I Was Getting Into ARIA

SD Times 100

Clair Obscur: Expedition 33 is a masterpiece, but I totally skipped parts of it (and I won’t apologize)

This Xbox game emotionally wrecked me in less than four hours… I’m going to go hug my cat now

Top 5 desktop PC case features that I can’t live without — and neither should you

‘No aggressive monetization’ — Nexus Mods’ new ownership responds to worried members

Build AI Agents That Run Your Day – While You Focus on What Matters

Build AI Agents That Run Your Day – While You Focus on What Matters

Faster Builds in Meteor 3.3: Modern Build Stack with SWC and Bundler Optimizations

How to Change Redirect After Login/Register in Laravel Breeze

Clair Obscur: Expedition 33 is a masterpiece, but I totally skipped parts of it (and I won’t apologize)

Clair Obscur: Expedition 33 is a masterpiece, but I totally skipped parts of it (and I won’t apologize)

This Xbox game emotionally wrecked me in less than four hours… I’m going to go hug my cat now

Top 5 desktop PC case features that I can’t live without — and neither should you

CVE-2025-3874 – WordPress Simple Shopping Cart Insecure Direct Object Reference

Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication

Kernel-level container insights: Utilizing eBPF with Cilium, Tetragon, and SBOMs for security

CVE-2025-43860 – OpenEMR Stored Cross-Site Scripting (XSS) Vulnerability

Researchers from the National University of Singapore Introduce ‘Thinkless,’ an Adaptive Framework that Reduces Unnecessary Reasoning by up to 90% Using DeGRPO

Amazon Bedrock Prompt Optimization Drives LLM Applications Innovation for Yuewen Group

CVE-2025-31247 – Apple macOS Unauthorized File System Access

CVE-2025-3473 – IBM Security Guardium Privilege Escalation Local Buffer Overflow

Gemini breaks new ground: a faster model, longer context and AI agents

CVE-2025-46528 – Steve Availability Calendar CSRF Stored XSS

Zentyal Server is a unified network server Linux distribution

CVE-2025-3874 – WordPress Simple Shopping Cart Insecure Direct Object Reference

Related Posts