CVE-2025-3530

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to product price manipulation in all versions up to, and including, 5.1.2. This is due to a logic flaw involving the inconsistent use of parameters during the cart addition process. The plugin uses the parameter 'product_tmp_two' for computing a security hash against price tampering while using 'wspsc_product' to display the product, allowing an unauthenticated attacker to substitute details from a cheaper product and bypass payment for a more expensive item.

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to product price manipulation in all versions up to, and including, 5.1.2. This is due to a logic flaw involving the inconsistent use of parameters during the cart addition process. The plugin uses the parameter 'product_tmp_two' for computing a security hash against price tampering while using 'wspsc_product' to display the product, allowing an unauthenticated attacker to substitute details from a cheaper product and bypass payment for a more expensive item.

El complemento WordPress Simple Shopping Cart para WordPress es vulnerable a la manipulación de precios de productos en todas las versiones hasta la 5.1.2 incluida. Esto se debe a una falla lógica relacionada con el uso inconsistente de parámetros durante el proceso de añadir al carrito. El complemento utiliza el parámetro 'product_tmp_two' para calcular un hash de seguridad contra la manipulación de precios mientras usa 'wspsc_product' para mostrar el producto, lo que permite a un atacante no autenticado sustituir los datos de un producto más económico y omitir el pago por uno más caro.