{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-6025", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-06-12T12:07:16.620Z", "datePublished": "2025-08-15T02:24:22.653Z", "dateUpdated": "2026-04-08T17:11:19.595Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:11:19.595Z"}, "affected": [{"vendor": "railmedia", "product": "Order Tip for WooCommerce", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.5.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of server-side validation on the `data-tip` attribute, which makes it possible for unauthenticated attackers to apply an excessive or even negative tip amount, resulting in unauthorized discount up to free orders depending on the value submitted."}], "title": "Order Tip for WooCommerce <= 1.5.4 - Unauthenticated Tip Manipulation to Negative Value Leading to Unauthorized Discounts", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9bcd18bd-032e-4a97-83aa-a377f9b1f435?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/order-tip-woo/trunk/frontend/views/tip-form.php#L49"}, {"url": "https://plugins.trac.wordpress.org/browser/order-tip-woo/trunk/assets/build/front.bundle.js"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3318615%40order-tip-woo&new=3318615%40order-tip-woo&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-602 Client-Side Enforcement of Server-Side Security", "cweId": "CWE-602", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Rajesh Singh"}], "timeline": [{"time": "2025-06-02T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-06-12T14:44:53.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-08-14T13:51:21.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-15T12:43:50.775732Z", "id": "CVE-2025-6025", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-15T12:43:56.428Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6025", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-15T12:43:50.775732Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-15T12:43:53.085Z"}}], "cna": {"title": "Order Tip for WooCommerce <= 1.5.4 - Unauthenticated Tip Manipulation to Negative Value Leading to Unauthorized Discounts", "credits": [{"lang": "en", "type": "finder", "value": "Rajesh Singh"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}}], "affected": [{"vendor": "railmedia", "product": "Order Tip for WooCommerce", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.5.4"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-06-02T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2025-06-12T14:44:53.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-08-14T13:51:21.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9bcd18bd-032e-4a97-83aa-a377f9b1f435?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/order-tip-woo/trunk/frontend/views/tip-form.php#L49"}, {"url": "https://plugins.trac.wordpress.org/browser/order-tip-woo/trunk/assets/build/front.bundle.js"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3318615%40order-tip-woo&new=3318615%40order-tip-woo&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of server-side validation on the `data-tip` attribute, which makes it possible for unauthenticated attackers to apply an excessive or even negative tip amount, resulting in unauthorized discount up to free orders depending on the value submitted."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-602", "description": "CWE-602 Client-Side Enforcement of Server-Side Security"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:11:19.595Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6025", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:11:19.595Z", "dateReserved": "2025-06-12T12:07:16.620Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-08-15T02:24:22.653Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of server-side validation on the `data-tip` attribute, which makes it possible for unauthenticated attackers to apply an excessive or even negative tip amount, resulting in unauthorized discount up to free orders depending on the value submitted."}, {"lang": "es", "value": "El complemento Order Tip for WooCommerce para WordPress es vulnerable a la validaci\u00f3n de entrada incorrecta no autenticada en todas las versiones hasta la 1.5.4 incluida. Esto se debe a la falta de validaci\u00f3n del lado del servidor en el atributo `data-tip`, lo que permite a atacantes no autenticados aplicar una propina excesiva o incluso negativa, lo que resulta en descuentos no autorizados que pueden incluir pedidos gratuitos, seg\u00fan el valor enviado."}], "id": "CVE-2025-6025", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-08-15T03:15:36.227", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/order-tip-woo/trunk/assets/build/front.bundle.js"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/order-tip-woo/trunk/frontend/views/tip-form.php#L49"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3318615%40order-tip-woo&new=3318615%40order-tip-woo&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9bcd18bd-032e-4a97-83aa-a377f9b1f435?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-602"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T19:23:18.169674+00:00", "value": {"mitigation_remediation": ["Update the Order Tip for WooCommerce plugin to the latest available version that includes the server\u2011side tip validation fix.", "If an update cannot be applied immediately, temporarily disable the tip feature by removing the tip field from the checkout page or deactivating the plugin until the patch is available.", "Continuously review order logs for abnormal negative tip amounts and enforce audit trails for any suspicious transactions."], "summary": {"action": "Patch Plugin", "impact": "Unauthorized Discount"}, "threat_synthesis": {"affected_systems": "The vulnerability applies to any WordPress site running the railmedia Order Tip for WooCommerce plugin version 1.5.4 or earlier. It affects all installations that expose the tip form during checkout and have not applied a patch that implements proper validation.", "description_and_impact": "The Order Tip for WooCommerce plugin is vulnerable to unhauthenticated improper input validation that allows attackers to set an excessive or negative tip amount on the checkout form. Because no server\u2011side check exists on the data-tip attribute, the plugin applies the value directly to the order total, leading to an unauthorized discount that can even bring the order cost to zero or a refund. This flaw directly compromises the financial integrity of transactions on affected sites.", "risk_and_exploitability": "The CVSS score of 7.5 denotes high severity, while the EPSS score of <\u00a01\u202f% suggests a low probability of exploitation at present. The issue is not listed in the CISA KEV catalog, indicating no confirmed exploitation. The likely attack path is through a crafted frontend request to the checkout endpoint, where an unauthenticated user can submit a negative tip value and receive an unauthorized discount."}}}}, "created": "2025-08-16T21:40:56.492274+00:00", "updated": "2026-04-21T19:30:06.087680+00:00", "vendors": ["woocommerce", "woocommerce$PRODUCT$woocommerce", "wordpress", "wordpress$PRODUCT$wordpress"]}