CVE-2025-3529

CVSS 3.1 Score 8.2 of 10 (high)

Details

Published Apr 23, 2025

CWE ID 201

Summary

CVE-2025-3529 is a vulnerability affecting the WordPress Simple Shopping Cart plugin. In versions up to 5.1.2, this issue permits unauthenticated attackers to access sensitive information through the 'file_url' parameter. As a result, they can view potentially confidential data and download digital products without payment. This exposure poses a significant security risk, allowing unauthorized access to protected information and resources. WordPress users are advised to update to the latest version of the plugin to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/5J2xhE
https://www.cve.org/CVERecord?id=CVE-2025-3529
https://nvd.nist.gov/vuln/detail/CVE-2025-3529

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Predator Still Active, with New Client and Corporate Links Identified

Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents

Measuring the US-China AI Gap

Know What Matters

For Customers

For Partners

CVE-2025-3529

CVSS 3.1 Score 8.2 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations