What the vulnerability does
01 Description
The MinimogWP – The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.9.0. This is due to an insufficient check on quantity values when changing quantities in the cart. This makes it possible for unauthenticated attackers to add items to the cart and adjust the quantity to a fractional amount, causing the price to change based on the fractional amount. The vulnerability cannot be exploited if WooCommerce version 9.8.2+ is installed.
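The missing check described above, shown as an added example (not the theme's or WooCommerce's code): a strict server-side quantity parser beside a lenient float cast. The function names, the 999 cap and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Strictly parse a client-submitted cart quantity (hypothetical helper).
 * Returns a whole number between 1 and $max, or null if the value is anything else.
 * A caller that treats 0 as "remove item" should handle that before calling.
 */
function parse_cart_quantity($raw, int $max = 999): ?int
{
    if (is_int($raw)) {
        $raw = (string) $raw;
    }
    // Plain decimal digits only: rejects "0.25", "1e-2", "-1", "3 ", floats and arrays.
    if (!is_string($raw) || !preg_match('/\A[0-9]{1,6}\z/', $raw)) {
        return null;
    }
    $qty = (int) $raw;
    return ($qty >= 1 && $qty <= $max) ? $qty : null;
}

/** Line total in minor units (cents), so no float rounding is involved. */
function line_total_cents(int $unit_price_cents, int $qty): int
{
    return $unit_price_cents * $qty;
}

/**
 * Lenient handling of the kind the description warns about (constructed):
 * a float cast accepts a fraction, and the line total shrinks with it.
 */
function lenient_line_total(float $unit_price, string $raw): float
{
    return $unit_price * (float) $raw;
}

// Constructed sample inputs, priced at 49.99 per unit.
foreach (['2', '0.25', '1e-2', '-1', '3 '] as $raw) {
    $qty = parse_cart_quantity($raw);
    printf(
        "%-7s lenient total: %8.4f   strict: %s\n",
        json_encode($raw),
        lenient_line_total(49.99, $raw),
        $qty === null ? 'rejected' : line_total_cents(4999, $qty) . ' cents'
    );
}
```

Validation of this kind has to run on the server for every cart update, since the quantity field in the browser can be bypassed.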
Explanation of Vulnerability in Simple Terms
02 Summary
MinimogWP theme versions up to 3.9.0 contain a vulnerability that allows attackers to modify site content without authentication. The flaw requires no user interaction and can be exploited remotely over the network. Site administrators should update to a version newer than 3.9.0 to prevent unauthorized content changes.
What an attacker can do
03 Attacker Capabilities
Modify site content, pages, or posts without logging in.
Potential impact on your site
04 Site Impact
Attackers can alter your site's content, potentially defacing pages or injecting malicious material.
Conditions required to exploit
05 Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06 Disclosure timeline
July 26, 2025: CVE published
April 8, 2026: Record updated