{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-3530", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-04-11T22:18:57.487Z", "datePublished": "2025-04-23T07:06:49.749Z", "dateUpdated": "2026-04-08T17:28:46.040Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:28:46.040Z"}, "affected": [{"vendor": "mra13", "product": "Simple Shopping Cart", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.1.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to product price manipulation in all versions up to, and including, 5.1.2. This is due to a logic flaw involving the inconsistent use of parameters during the cart addition process. The plugin uses the parameter 'product_tmp_two' for computing a security hash against price tampering while using 'wspsc_product' to display the product, allowing an unauthenticated attacker to substitute details from a cheaper product and bypass payment for a more expensive item."}], "title": "WordPress Simple PayPal Shopping Cart <= 5.1.2 - Unauthenticated Product Price Manipulation", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e0a3910b-adc4-4633-a6a1-32ba50894be4?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.1.2/wp_shopping_cart.php#L171"}, {"url": "https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.1.2/wp_shopping_cart.php#L156"}, {"url": "https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.1.2/wp_shopping_cart.php#L165"}, {"url": "https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.1.2/wp_shopping_cart.php#L261"}, {"url": "https://www.tipsandtricks-hq.com/wordpress-simple-paypal-shopping-cart-plugin-768"}, {"url": "https://plugins.trac.wordpress.org/changeset/3275373/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-472 External Control of Assumed-Immutable Web Parameter", "cweId": "CWE-472", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Jack Taylor"}], "timeline": [{"time": "2025-04-22T19:06:27.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T16:28:45.433237Z", "id": "CVE-2025-3530", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T16:31:12.480Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3530", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-23T16:28:45.433237Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T16:31:01.691Z"}}], "cna": {"title": "WordPress Simple PayPal Shopping Cart <= 5.1.2 - Unauthenticated Product Price Manipulation", "credits": [{"lang": "en", "type": "finder", "value": "Jack Taylor"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}}], "affected": [{"vendor": "mra13", "product": "Simple Shopping Cart", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "5.1.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-04-22T19:06:27.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e0a3910b-adc4-4633-a6a1-32ba50894be4?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.1.2/wp_shopping_cart.php#L171"}, {"url": "https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.1.2/wp_shopping_cart.php#L156"}, {"url": "https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.1.2/wp_shopping_cart.php#L165"}, {"url": "https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.1.2/wp_shopping_cart.php#L261"}, {"url": "https://www.tipsandtricks-hq.com/wordpress-simple-paypal-shopping-cart-plugin-768"}, {"url": "https://plugins.trac.wordpress.org/changeset/3275373/"}], "descriptions": [{"lang": "en", "value": "The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to product price manipulation in all versions up to, and including, 5.1.2. This is due to a logic flaw involving the inconsistent use of parameters during the cart addition process. The plugin uses the parameter 'product_tmp_two' for computing a security hash against price tampering while using 'wspsc_product' to display the product, allowing an unauthenticated attacker to substitute details from a cheaper product and bypass payment for a more expensive item."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-472", "description": "CWE-472 External Control of Assumed-Immutable Web Parameter"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:28:46.040Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3530", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:28:46.040Z", "dateReserved": "2025-04-11T22:18:57.487Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-04-23T07:06:49.749Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to product price manipulation in all versions up to, and including, 5.1.2. This is due to a logic flaw involving the inconsistent use of parameters during the cart addition process. The plugin uses the parameter 'product_tmp_two' for computing a security hash against price tampering while using 'wspsc_product' to display the product, allowing an unauthenticated attacker to substitute details from a cheaper product and bypass payment for a more expensive item."}, {"lang": "es", "value": "El complemento WordPress Simple Shopping Cart para WordPress es vulnerable a la manipulaci\u00f3n de precios de productos en todas las versiones hasta la 5.1.2 incluida. Esto se debe a una falla l\u00f3gica relacionada con el uso inconsistente de par\u00e1metros durante el proceso de a\u00f1adir al carrito. El complemento utiliza el par\u00e1metro 'product_tmp_two' para calcular un hash de seguridad contra la manipulaci\u00f3n de precios mientras usa 'wspsc_product' para mostrar el producto, lo que permite a un atacante no autenticado sustituir los datos de un producto m\u00e1s econ\u00f3mico y omitir el pago por uno m\u00e1s caro."}], "id": "CVE-2025-3530", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-04-23T08:15:14.723", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.1.2/wp_shopping_cart.php#L156"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.1.2/wp_shopping_cart.php#L165"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.1.2/wp_shopping_cart.php#L171"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.1.2/wp_shopping_cart.php#L261"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3275373/"}, {"source": "security@wordfence.com", "url": "https://www.tipsandtricks-hq.com/wordpress-simple-paypal-shopping-cart-plugin-768"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e0a3910b-adc4-4633-a6a1-32ba50894be4?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-472"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T23:12:05.952774+00:00", "value": {"mitigation_remediation": ["Update the WordPress Simple PayPal Shopping Cart plugin to the latest available version (5.1.3 or newer) where the price handling logic has been corrected.", "If an upgrade cannot be performed immediately, modify the plugin\u2019s wp_shopping_cart.php file to enforce that the same product identifier is used for both the price hash calculation and the displayed product, thereby preventing the mismatch that permits manipulation.", "Restrict the cart addition endpoint so that it requires user authentication or a valid CSRF token before accepting product parameters; this reduces the risk that unauthenticated users can submit malicious requests."], "summary": {"action": "Upgrade Immediately", "impact": "Unauthenticated Product Price Manipulation"}, "threat_synthesis": {"affected_systems": "This vulnerability applies to WordPress sites that have the mra13 Simple PayPal Shopping Cart plugin installed at version 5.1.2 or earlier. Sites using any earlier release are also affected until they upgrade to a patched version.", "description_and_impact": "The WordPress Simple PayPal Shopping Cart plugin contains a logic flaw that allows an unauthenticated attacker to modify the product price during the cart addition process. By supplying a cheaper product identifier for the security hash parameter while referencing a more expensive product in the display parameter, the attacker can trigger a payment for a higher\u2011priced item at a lower cost, resulting in financial loss for the site owner and compromising the integrity of the checkout process. The weakness is a missing assignment of an implicit default parameter value, which enables inconsistent behavior between verification and display logic.", "risk_and_exploitability": "The vulnerability has a CVSS score of 7.5, indicating high severity, and an EPSS score of 1%, meaning exploitation is considered possible but currently unlikely, and it is not listed in CISA's KEV catalog. The attack can be performed by sending a crafted HTTP POST request to the cart endpoint with manipulated parameters; authentication is not required, so any visitor can exploit the flaw if the endpoint is publicly accessible."}}}}, "created": "2026-04-20T23:15:06.309881+00:00", "updated": "2026-04-20T23:15:06.309891+00:00", "vendors": []}