fkie_cve-2025-8198
Vulnerability from fkie_nvd
Published: 2025-07-26 06:15
Modified: 2025-07-29 14:14
Summary
The MinimogWP – The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.9.0. This is due to an insufficient check on quantity values when changing quantities in the cart. This makes it possible for unauthenticated attackers to add items to the cart and adjust the quantity to a fractional amount, causing the price to change based on the fractional amount. The vulnerability cannot be exploited if WooCommerce version 9.8.2+ is installed.
{ "cveTags": [], "descriptions": [ { "lang": "en", "value": "The MinimogWP \u2013 The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.9.0. This is due to an insufficient check on quantity values when changing quantities in the cart. This makes it possible for unauthenticated attackers to add items to the cart and adjust the quantity to a fractional amount, causing the price to change based on the fractional amount. The vulnerability cannot be exploited if WooCommerce version 9.8.2+ is installed." }, { "lang": "es", "value": "El tema MinimogWP \u2013 The High Converting eCommerce WordPress Theme para WordPress, es vulnerable a la manipulaci\u00f3n de precios en todas las versiones hasta la 3.9.0 incluida. Esto se debe a una comprobaci\u00f3n insuficiente de los valores de cantidad al modificar las cantidades en el carrito. Esto permite que atacantes no autenticados a\u00f1adan art\u00edculos al carrito y ajusten la cantidad a una fracci\u00f3n, lo que provoca que el precio cambie en funci\u00f3n de dicha fracci\u00f3n. Esta vulnerabilidad no se puede explotar si se instala WooCommerce versi\u00f3n 9.8.2 o superior." 
} ], "id": "CVE-2025-8198", "lastModified": "2025-07-29T14:14:55.157", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Primary" } ] }, "published": "2025-07-26T06:15:23.600", "references": [ { "source": "security@wordfence.com", "url": "https://changelog.thememove.com/minimog-wp/" }, { "source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cfea0427-78dc-4151-864a-63b6761fc294?source=cve" } ], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-472" } ], "source": "security@wordfence.com", "type": "Primary" } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.