CVE-2025-3874 – WordPress Simple Shopping Cart Insecure Direct Object Reference

May 1, 2025

CVE ID : CVE-2025-3874

Published : May 1, 2025, 12:15 p.m. | 53 minutes ago

Description : The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 due to lack of randomization of a user controlled key. This makes it possible for unauthenticated attackers to access customer shopping carts and edit product links, add or delete products, and discover coupon codes.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3889 – WordPress Simple Shopping Cart Insecure Direct Object Reference

Next Article CVE-2025-1529 – WordPress AM LottiePlayer Stored Cross-Site Scripting Vulnerability

Highlights

CVE-2025-4101 – MultiVendorX WooCommerce Multivendor Marketplace Solutions Unauthenticated Data Deletion Vulnerability

May 17, 2025

CVE ID : CVE-2025-4101

Published : May 17, 2025, 1:15 p.m. | 3 hours, 30 minutes ago

Description : The MultiVendorX – WooCommerce Multivendor Marketplace Solutions plugin for WordPress is vulnerable to unauthorized loss of data due to a misconfigured capability check on the ‘delete_fpm_product’ function in all versions up to, and including, 4.2.22. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary posts, pages, attachments, and products. The vulnerability was partially patched in version 4.2.22.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

Anthropic beats OpenAI as the top LLM provider for business – and it’s not even close

I bought Samsung’s Galaxy Watch Ultra 2025 – here’s why I have buyer’s remorse

I can admit when I’m wrong — this 75% wireless gaming keyboard is way better than I thought it would be

This is Microsoft’s canceled Windows-based Surface Duo — the dual-screen Windows Phone from 2018 that we never got

The details of TC39’s last meeting

The details of TC39’s last meeting

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

I can admit when I’m wrong — this 75% wireless gaming keyboard is way better than I thought it would be

I can admit when I’m wrong — this 75% wireless gaming keyboard is way better than I thought it would be

This is Microsoft’s canceled Windows-based Surface Duo — the dual-screen Windows Phone from 2018 that we never got

Looking for an Ubuntu Manual? Try This Book

CVE-2025-3874 – WordPress Simple Shopping Cart Insecure Direct Object Reference

Why the tech industry needs to stand firm on preserving end-to-end encryption

Is your phone spying on you? | Unlocked 403 cybersecurity podcast (S2E5)

The Fastest Way to Hire React Developers in 2026: An Ultimate Guide

Interview with Hamza Tahir: Co-founder and CTO of ZenML

Windows 11 Recall Adds Data Export for EU Users: Share Snapshots with Third Parties

Microsoft’s layoffs to top 9000 people, impacting around 4% of the firm’s entire workforce — “We continue to implement organizational changes”

CVE-2025-4101 – MultiVendorX WooCommerce Multivendor Marketplace Solutions Unauthenticated Data Deletion Vulnerability

CVE-2025-52794 – Creative-Solutions Creative Contact Form CSRF Stored XSS

Intel Unison stops working on Windows 11. Android, iPhone users now have one less choice

CVE-2025-0639 – GitLab CE/EE Service Availability Denial of Service

CVE-2025-3874 – WordPress Simple Shopping Cart Insecure Direct Object Reference

Related Posts