What the vulnerability does
01Description
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to product price manipulation in all versions up to, and including, 5.1.2. This is due to a logic flaw involving the inconsistent use of parameters during the cart addition process. The plugin uses the parameter 'product_tmp_two' for computing a security hash against price tampering while using 'wspsc_product' to display the product, allowing an unauthenticated attacker to substitute details from a cheaper product and bypass payment for a more expensive item.
Explanation of Vulnerability in Simple Terms
02Summary
Simple Shopping Cart versions 5.1.2 and earlier contain an integrity vulnerability allowing attackers to modify data without authentication. The vulnerability requires only network access and no user interaction. An attacker can alter shopping cart data, product information, or transaction records, potentially affecting order accuracy and customer trust.
What an attacker can do
03Attacker Capabilities
Modify shopping cart data, product information, or transaction records without authentication.
Potential impact on your site
04Site Impact
Orders, prices, and cart contents can be altered by attackers, leading to incorrect transactions and data corruption.
Conditions required to exploit
05Prerequisites
Network access to the affected Simple Shopping Cart installation; no authentication required.
Key dates
06Disclosure timeline
April 23, 2025
CVE published
April 8, 2026
Record updated