CVE-2025-3530 – WordPress Simple Shopping Cart Price Tampering Vulnerability

April 23, 2025

CVE ID : CVE-2025-3530

Published : April 23, 2025, 8:15 a.m. | 1 hour, 45 minutes ago

Description : The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to product price manipulation in all versions up to, and including, 5.1.2. This is due to a logic flaw involving the inconsistent use of parameters during the cart addition process. The plugin uses the parameter ‘product_tmp_two’ for computing a security hash against price tampering while using ‘wspsc_product’ to display the product, allowing an unauthenticated attacker to substitute details from a cheaper product and bypass payment for a more expensive item.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleRilasciata CachyOS Aprile 2025: Correzioni e Aggiunta di OCCT

Next Article CVE-2025-2595 – CODESYS Visualization Forced Browsing Vulnerability

Highlights

CVE-2025-5538 – WordPress BNS Featured Category Stored Cross-Site Scripting Vulnerability

June 6, 2025

CVE ID : CVE-2025-5538

Published : June 6, 2025, 7:15 a.m. | 33 minutes ago

Description : The BNS Featured Category plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘bnsfc’ shortcode in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Value-Driven AI Roadmap

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

‘Job Hugging’ Trend Emerges as Workers Confront AI Uncertainty

Distribution Release: MocaccinoOS 25.09

Composition in CSS

DataCrunch raises €55M to boost EU AI sovereignty with green cloud infrastructure

Finally, safe array methods in JavaScript

Finally, safe array methods in JavaScript

Perficient Interviewed for Forrester Report on AI’s Transformative Role in DXPs

Perficient’s “What If? So What?” Podcast Wins Gold Stevie® Award for Technology Podcast

Distribution Release: MocaccinoOS 25.09

Distribution Release: MocaccinoOS 25.09

Speed Isn’t Everything When Buying SSDs – Here’s What Really Matters!

14 Themes for Beautifying Your Ghostty Terminal

CVE-2025-3530 – WordPress Simple Shopping Cart Price Tampering Vulnerability

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

TOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIs

CVE-2025-5131 – Tmall Demo Unrestricted File Upload Vulnerability

CVE-2025-5696 – Brilliance Golden Link Secondary System SQL Injection Vulnerability

CVE-2025-49184 – Apache Product Information Disclosure Vulnerability

Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks

CVE-2025-5538 – WordPress BNS Featured Category Stored Cross-Site Scripting Vulnerability

NVIDIA Brings DLSS 4 to Budget GPUs with RTX 5050 for $249

CVE-2025-7514 – Modern Bag SQL Injection Vulnerability

Benchmarking the Banana Pi BPI-F3 Single Board Computer

CVE-2025-3530 – WordPress Simple Shopping Cart Price Tampering Vulnerability

Related Posts