CVE-2025-3530 – WordPress Simple Shopping Cart Price Tampering Vulnerability

April 23, 2025

CVE ID : CVE-2025-3530

Published : April 23, 2025, 8:15 a.m. | 1 hour, 45 minutes ago

Description : The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to product price manipulation in all versions up to, and including, 5.1.2. This is due to a logic flaw involving the inconsistent use of parameters during the cart addition process. The plugin uses the parameter ‘product_tmp_two’ for computing a security hash against price tampering while using ‘wspsc_product’ to display the product, allowing an unauthenticated attacker to substitute details from a cheaper product and bypass payment for a more expensive item.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleRilasciata CachyOS Aprile 2025: Correzioni e Aggiunta di OCCT

Next Article CVE-2025-2595 – CODESYS Visualization Forced Browsing Vulnerability

Highlights

CVE-2025-46550 – YesWiki Reflected Cross-Site Scripting Vulnerability

April 29, 2025

CVE ID : CVE-2025-46550

Published : April 29, 2025, 9:15 p.m. | 1 hour, 52 minutes ago

Description : YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the `/?BazaR` endpoint and `idformulaire` parameter are vulnerable to cross-site scripting. An attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

AI and its impact on the developer experience, or ‘where is the joy?’

Google launches OSS Rebuild tool to improve trust in open source packages

AI-enabled software development: Risk of skill erosion or catalyst for growth?

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Power bank slapped with a recall? Stop using it now – here’s why

I recommend these budget earbuds over pricier Bose and Sony models – here’s why

Microsoft’s big AI update for Windows 11 is here – what’s new

Slow internet speed on Linux? This 30-second fix makes all the difference

Singleton and Scoped Container Attributes in Laravel 12.21

Singleton and Scoped Container Attributes in Laravel 12.21

wulfheart/laravel-actions-ide-helper

lanos/laravel-cashier-stripe-connect

‘Wuchang: Fallen Feathers’ came close to fully breaking me multiple times — a soulslike as brutal and as beautiful as it gets

‘Wuchang: Fallen Feathers’ came close to fully breaking me multiple times — a soulslike as brutal and as beautiful as it gets

Sam Altman is “terrified” of voice ID fraudsters embracing AI — and threats of US bioweapon attacks keep him up at night

NVIDIA boasts a staggering $111 million in market value per employee — since it became the world’s first $4 trillion company

CVE-2025-3530 – WordPress Simple Shopping Cart Price Tampering Vulnerability

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Why is your data worth so much? | Unlocked 403 cybersecurity podcast (S2E4)

Expert Swift [SUBSCRIBER]

CVE-2025-27523 – Hitachi JP1/IT Desktop Management 2 – Smart Device Manager XXE Injection Vulnerability

Use AI at work? You might be ruining your reputation, a new study finds

CVE-2025-5147 – Netcore NBR1005GPEV2, NBR200V2, B6V2 Command Injection Vulnerability

CVE-2025-46550 – YesWiki Reflected Cross-Site Scripting Vulnerability

People of Perficient: Spotlight on Cecilia Prieto

CVE-2025-7132 – Campcodes Payroll Management System SQL Injection Vulnerability

CVE-2025-2561 – Ninja Forms Stored Cross-Site Scripting Vulnerability

CVE-2025-3530 – WordPress Simple Shopping Cart Price Tampering Vulnerability

Related Posts