{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-3529", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-04-11T20:42:09.953Z", "datePublished": "2025-04-23T07:06:49.072Z", "dateUpdated": "2026-04-08T17:06:39.611Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:06:39.611Z"}, "affected": [{"vendor": "mra13", "product": "Simple Shopping Cart", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.1.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the 'file_url' parameter. This makes it possible for unauthenticated attackers to view potentially sensitive information and download a digital product without paying for it."}], "title": "WordPress Simple PayPal Shopping Cart <= 5.1.2 - Unauthenticated Information Exposure via file_url Parameter", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8fecc015-518f-4aab-a17e-17cf4b8cf123?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.1.2/includes/wpsc-shortcodes-related.php#L92"}, {"url": "https://www.tipsandtricks-hq.com/ecommerce/wp-simple-cart-sell-digital-downloads-2468"}, {"url": "https://wordpress.org/plugins/wordpress-simple-paypal-shopping-cart/#developers"}, {"url": "https://plugins.trac.wordpress.org/changeset/3275373/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-201 Insertion of Sensitive Information Into Sent Data", "cweId": "CWE-201", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "baseScore": 8.2, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Jack Taylor"}], "timeline": [{"time": "2025-04-22T19:00:28.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T18:21:17.059801Z", "id": "CVE-2025-3529", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T18:22:39.548Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the 'file_url' parameter. This makes it possible for unauthenticated attackers to view potentially sensitive information and download a digital product without paying for it."}, {"lang": "es", "value": "El complemento WordPress Simple Shopping Cart para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 5.1.2 incluida, a trav\u00e9s del par\u00e1metro 'file_url'. Esto permite que atacantes no autenticados accedan a informaci\u00f3n potencialmente confidencial y descarguen un producto digital sin pagar."}], "id": "CVE-2025-3529", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-04-23T08:15:14.527", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.1.2/includes/wpsc-shortcodes-related.php#L92"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3275373/"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/wordpress-simple-paypal-shopping-cart/#developers"}, {"source": "security@wordfence.com", "url": "https://www.tipsandtricks-hq.com/ecommerce/wp-simple-cart-sell-digital-downloads-2468"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8fecc015-518f-4aab-a17e-17cf4b8cf123?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-201"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T04:13:11.846382+00:00", "value": {"mitigation_remediation": ["Upgrade the WordPress Simple Shopping Cart plugin to the latest available version that contains the fix for the file_url parameter issue.", "If an immediate upgrade is not feasible, configure the web server or reverse proxy to block or reject HTTP requests that contain the file_url parameter before they reach the plugin.", "Implement or enforce authentication checks for downloadable digital products so that a purchase confirmation or user authentication is required prior to file delivery."], "summary": {"action": "Patch Immediately", "impact": "Information Exposure"}, "threat_synthesis": {"affected_systems": "All installations of the WordPress Simple Shopping Cart plugin with a version equal to or earlier than 5.1.2 are affected. The issue resides in the handling of the file_url parameter inside the plugin\u2019s code, which does not enforce any access checks before allowing the download or exposure of a requested file.", "description_and_impact": "The WordPress Simple Shopping Cart plugin is affected by a vulnerability that allows sensitive information disclosure through the file_url parameter. This flaw enables attackers who do not have authentication credentials to access and download files or digital products that the plugin serves, potentially exposing private data or permitting unauthorized purchases.", "risk_and_exploitability": "The CVSS score of 8.2 places this issue in the high severity range, while the EPSS score of less than 1% suggests a low probability of widespread exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker can trigger the exposure by crafting a URL that includes a file_url parameter pointing to the desired file, thereby executing the flaw without site credentials."}}}}, "created": "2026-04-22T04:15:07.540212+00:00", "updated": "2026-04-22T04:15:07.540224+00:00", "vendors": []}