CVE-2025-3529

HIGH Year: 2025
CVSS v3 Score
8.2
High
Weakness Type
CWE-201
View all →

Vulnerability Description

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the 'file_url' parameter. This makes it possible for unauthenticated attackers to view potentially sensitive information and download a digital product without paying for it.

Related Vulnerabilities

CVE-2024-25148

HIGH
CVSS:8.1(High)

In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the `doAsUserId` URL parameter ...

CWE-2012024

CVE-2021-23019

HIGH
CVSS:7.8(High)

The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package.

CWE-2012021

CVE-2023-3399

HIGH
CVSS:7.7(High)

An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was ...

CWE-2012023

CVE-2023-1975

HIGH
CVSS:7.6(High)

Insertion of Sensitive Information Into Sent Data in GitHub repository answerdev/answer prior to 1.0.8.

CWE-2012023

CVE-2024-7872

HIGH
CVSS:7.6(High)

Insertion of Sensitive Information Into Sent Data vulnerability in ExtremePACS Extreme XDS allows Retrieve Embedded Sensitive Data.This issue affects Extreme XDS: before 3933.

CWE-2012024

CVE-2023-48240

HIGH
CVSS:8.8(High)

XWiki Platform is a generic wiki platform. The rendered diff in XWiki embeds images to be able to compare the contents and not display a difference for an actually unchanged image. For this, XWiki req...

CWE-2012023