CVE-2025-8198 HIGH

CVE-2025-8198: MinimogWP – The High Converting eCommerce WordPress Theme <= 3.9.0 - Unauthenticated Price Manipulation

Vendor: Thememove
Product: MinimogWP – The High Converting eCommerce WordPress Theme
Weakness: CWE-472
Published: July 26, 2025
Last update: April 8, 2026

CVSS base score

7.5/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: None
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01 Description

The MinimogWP – The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.9.0. This is due to an insufficient check on quantity values when changing quantities in the cart. This makes it possible for unauthenticated attackers to add items to the cart and adjust the quantity to a fractional amount, causing the price to change based on the fractional amount. The vulnerability cannot be exploited if WooCommerce version 9.8.2+ is installed.
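The check below is an added example, not code from Thememove, WooCommerce, or the original advisory. It encodes the affected version ranges stated above, shows a strict whole-number quantity check, and audits line items for fractional quantities; the record layout, function names, and sample data are hypothetical and constructed for illustration.

```python
from decimal import Decimal, InvalidOperation

LAST_AFFECTED_THEME = (3, 9, 0)    # advisory: all versions up to and including 3.9.0
FIRST_SAFE_WOOCOMMERCE = (9, 8, 2) # advisory: not exploitable with WooCommerce 9.8.2+

def _version(text):
    """Parse a dotted numeric version such as '3.9.0' into a comparable tuple."""
    return tuple(int(part) for part in text.strip().split("."))

def is_exposed(theme_version, woocommerce_version):
    """True when both version conditions from the advisory are met."""
    return (_version(theme_version) <= LAST_AFFECTED_THEME
            and _version(woocommerce_version) < FIRST_SAFE_WOOCOMMERCE)

def strict_quantity(raw):
    """Accept only a positive whole number written in ASCII digits."""
    text = str(raw).strip()
    if not (text.isascii() and text.isdigit()) or int(text) < 1:
        raise ValueError(f"quantity must be a positive whole number: {raw!r}")
    return int(text)

def audit_line_items(items):
    """Return (order_id, line_total) for every item whose quantity fails the check."""
    flagged = []
    for item in items:
        try:
            strict_quantity(item["quantity"])
        except ValueError:
            try:
                total = Decimal(item["unit_price"]) * Decimal(str(item["quantity"]))
            except InvalidOperation:
                total = None  # quantity is not numeric at all
            flagged.append((item["order_id"], total))
    return flagged

# Constructed sample records (hypothetical export format, not real order data).
SAMPLE_ITEMS = [
    {"order_id": 1001, "unit_price": "40.00", "quantity": "2"},
    {"order_id": 1002, "unit_price": "40.00", "quantity": "0.1"},
    {"order_id": 1003, "unit_price": "40.00", "quantity": "1e-1"},
    {"order_id": 1004, "unit_price": "15.50", "quantity": "abc"},
]

if __name__ == "__main__":
    print("exposed:", is_exposed("3.9.0", "9.8.1"))
    for order_id, total in audit_line_items(SAMPLE_ITEMS):
        print(f"order {order_id}: non-integer quantity, line total {total}")
```
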

Explanation of Vulnerability in Simple Terms

02 Summary

MinimogWP theme versions up to and including 3.9.0 contain a vulnerability that allows attackers to manipulate prices in the cart without authentication by changing an item's quantity to a fractional amount. The flaw requires no user interaction and can be exploited remotely over the network. Site administrators should update to a version newer than 3.9.0; the vulnerability cannot be exploited if WooCommerce 9.8.2 or later is installed.

What an attacker can do

03 Attacker Capabilities

Add items to the cart and adjust the quantity to a fractional amount, changing the price, without logging in.

Potential impact on your site

04 Site Impact

Attackers can change the price of items in the cart by using fractional quantities, undermining the integrity of your store's pricing.

Conditions required to exploit

05 Prerequisites

Network access only; no authentication or user interaction required. The vulnerability cannot be exploited if WooCommerce version 9.8.2+ is installed.

Key dates

06 Disclosure timeline

July 26, 2025: CVE published
April 8, 2026: Record updated