How severe is CVE-2025-3530?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2025-3530?

This is classified as CWE-472, which is a common weakness in software security.

CVE-2025-3530 - HIGH Severity | CVSS 7.5

Vulnerability Description

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to product price manipulation in all versions up to, and including, 5.1.2. This is due to a logic flaw involving the inconsistent use of parameters during the cart addition process. The plugin uses the parameter 'product_tmp_two' for computing a security hash against price tampering while using 'wspsc_product' to display the product, allowing an unauthenticated attacker to substitute details from a cheaper product and bypass payment for a more expensive item.

Related Vulnerabilities

CVE-2025-22384

HIGH

CVSS:7.5(High)

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue concerning business logic exists in the Commerce B2B application, which allows storefront visitors to...

CWE-4722025

CVE-2025-25382

HIGH

CVSS:7.5(High)

An issue in the Property Tax Payment Portal in Information Kerala Mission SANCHAYA v3.0.4 allows attackers to arbitrarily modify payment amounts via a crafted request.

CWE-4722025

CVE-2024-9123

HIGH

CVSS:7.1(High)

Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

CWE-4722024

CVE-2025-47245

HIGH

CVSS:8.1(High)

In BlueWave Checkmate through 2.0.2 before d4a6072, an invite request can be modified to specify a privileged role.

CWE-4722025

CVE-2023-38520

MEDIUM

CVSS:6.5(Medium)

External Control of Assumed-Immutable Web Parameter vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Functionality Misuse.This issue affects Pinpoint Booking System: from n/a through 2.9...

CWE-4722023

CVE-2025-29788

MEDIUM

CVSS:6.5(Medium)

The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment am...

CWE-4722025