WordPress Simple PayPal Shopping Cart < 5.1.3 – Unauthenticated Product Price Manipulation | CVE 2025-3530 | Plugin Vulnerabilities

Description

The plugin is vulnerable to product price manipulation due to a logic flaw involving the inconsistent use of parameters during the cart addition process. The plugin uses the parameter 'product_tmp_two' for computing a security hash against price tampering while using 'wspsc_product' to display the product, allowing an unauthenticated attacker to substitute details from a cheaper product and bypass payment for a more expensive item.

Affects Plugins

wordpress-simple-paypal-shopping-cart

Fixed in 5.1.3

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/e0a3910b-adc4-4633-a6a1-32ba50894be4

Classification

Type

IDOR

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Jack Taylor

Verified

No

WPVDB ID

f475de25-cbc0-42c4-82e9-950848422d1c

Timeline

Publicly Published

2025-04-22 (about 1 year ago)

Added

2025-04-23 (about 1 year ago)

Last Updated

2025-04-23 (about 1 year ago)

Other

Published

Title

Published

2026-06-05

Title

Charitable < 1.8.11.2 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Attachment Deletion via 'avatar' Parameter

Published

2026-04-16

Title

LatePoint < 5.4.0 - Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID

Published

2025-05-08

Title

WPBookit < 1.0.3 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Email Update

Published

2024-04-22

Title

ProfileGrid – User Profiles, Memberships, Groups and Communities < 5.8.0 - Insecure Direct Object Reference

Published

2025-11-20

Title

Return Refund and Exchange For WooCommerce < 4.5.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Order Message Read