CVE ID : CVE-2025-3530
Published : April 23, 2025, 8:15 a.m. | 1 hour, 45 minutes ago
Description : The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to product price manipulation in all versions up to, and including, 5.1.2. This is due to a logic flaw involving the inconsistent use of parameters during the cart addition process. The plugin uses the parameter ‘product_tmp_two’ for computing a security hash against price tampering while using ‘wspsc_product’ to display the product, allowing an unauthenticated attacker to substitute details from a cheaper product and bypass payment for a more expensive item.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Source: Read More