CVE-2025-32689 HIGH

CVE-2025-32689: WordPress Download Manager and Payment Form plugin <= 2.8.2 - Price Manipulation vulnerability

Vendor Convers Lab
Product WP SmartPay
Weakness CWE-1284
Published September 9, 2025
Last update April 29, 2026

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

Improper Validation of Specified Quantity in Input vulnerability in Convers Lab WP SmartPay smartpay.This issue affects WP SmartPay: from n/a through <= 2.8.2.

Explanation of Vulnerability in Simple Terms

02Summary

WP SmartPay versions 2.8.2 and earlier contain an integrity vulnerability that allows unauthenticated attackers to modify data over the network without user interaction. The vulnerability has a CVSS score of 7.5 (high severity). No confidentiality or availability impact is present. Site administrators should update to a version newer than 2.8.2 when available.

What an attacker can do

03Attacker Capabilities

Modify site data without authentication or user interaction.

Potential impact on your site

04Site Impact

Attackers can alter plugin data, settings, or transactions without logging in.

Conditions required to exploit

05Prerequisites

Network access only; no authentication or user action required.

Key dates

06Disclosure timeline

September 9, 2025 CVE published
April 29, 2026 Record updated