CVE-2025-3743 – WooCommerce Upsell Funnel Builder Order Manipulation Vulnerability

April 25, 2025

CVE ID : CVE-2025-3743

Published : April 25, 2025, 7:15 a.m. | 15 minutes ago

Description : The Upsell Funnel Builder for WooCommerce plugin for WordPress is vulnerable to order manipulation in all versions up to, and including, 3.0.0. This is due to the plugin allowing the additional product ID and discount field to be manipulated prior to processing via the ‘add_offer_in_cart’ function. This makes it possible for unauthenticated attackers to arbitrarily update the product associated with any order bump, and arbitrarily update the discount applied to any order bump item, when adding it to the cart.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3866 – Google Plus One Social Share Button CSRF Vulnerability

Next Article CVE-2025-2238 – Vikinger WordPress Privilege Escalation Vulnerability

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

With WH40K Boltgun and Dungeons of Hinterberg, this month’s Humble Choice lineup is stacked for less than $12

I’ve been loving the upgrade to my favorite mobile controller, and there’s even a version for large tablets

Copilot Vision just launched — and Microsoft already added new features

Master Data Management: The Key to Improved Analytics Reporting

Master Data Management: The Key to Improved Analytics Reporting

Salesforce Lead-to-Revenue Management

React Native 0.80 – React 19.1, JS API Changes, Freezing Legacy Arch and much more

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

With WH40K Boltgun and Dungeons of Hinterberg, this month’s Humble Choice lineup is stacked for less than $12

I’ve been loving the upgrade to my favorite mobile controller, and there’s even a version for large tablets

CVE-2025-3743 – WooCommerce Upsell Funnel Builder Order Manipulation Vulnerability

Graphite Spyware Exploits Apple iOS Zero-Click Vulnerability to Attack Journalists

PoC Exploit Released for Critical WebDAV 0-Day RCE Vulnerability Exploited by APT Hackers

CVE-2025-3931 – Yggdrasil DBus Unauthenticated Command Injection Vulnerability

EU Vulnerability Database Officially Launches Amid CVE Program Concerns

Raspberry Pi 5 Desktop Mini PC: Increase Swap Memory Size

CVE-2025-48387 – Tar-fs Directory Traversal Vulnerability

CVE-2024-30115 – HCL Leap Cross-Site Scripting (XSS)

The AI for Science Forum: A new era of discovery

CVE-2025-0671 – Icegram Express WordPress Stored Cross-Site Scripting Vulnerability

Philippines Prepares for 2025 Elections with Focus on Digital Integrity and Misinformation

CVE-2025-3743 – WooCommerce Upsell Funnel Builder Order Manipulation Vulnerability

Related Posts