Upsell Funnel Builder for WooCommerce < 3.0.1 – Unauthenticated Order Manipulation | CVE 2025-3743 | Plugin Vulnerabilities

Description

The plugin is vulnerable to order manipulation due to the plugin allowing the additional product ID and discount field to be manipulated prior to processing via the 'add_offer_in_cart' function. This makes it possible for unauthenticated attackers to arbitrarily update the product associated with any order bump, and arbitrarily update the discount applied to any order bump item, when adding it to the cart.

Affects Plugins

upsell-order-bump-offer-for-woocommerce

Fixed in 3.0.1

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/b0e1546b-c8cc-4d57-9909-153209e3a9c6

Classification

Type

IDOR

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

p4

Verified

No

WPVDB ID

bc2fbe64-109d-4de0-8ac3-b27a3f122009

Timeline

Publicly Published

2025-04-24 (about 1 year ago)

Added

2025-04-25 (about 1 year ago)

Last Updated

2025-04-25 (about 1 year ago)

Other

Published

Title

Published

2026-02-26

Title

WP Recipe Maker < 10.3.3 - Insecure Direct Object Reference to Unauthenticated Arbitrary Post Metadata Modification via 'recipeId' Parameter

Published

2024-03-04

Title

FeedWordPress < 2024.0428 - Unauthenticated Draft Access

Published

2024-08-21

Title

User Private Files < 2.1.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private File Access

Published

2022-09-29

Title

Quiz And Survey Master < 7.3.5 - Quiz Update via IDOR

Published

2025-01-06

Title

WP Job Portal – A Complete Recruitment System for Company or Job Board website < 2.2.6- Authenticated (Subscriber+) Insecure Direct Object Reference