Sensitive Information Exposure in WordPress Simple Shopping Cart Plugin
CVE-2025-3529

8.2HIGH

Key Information:

Vendor: WordPress
Status: WordPress Simple Shopping Cart
Vendor: CVE Published:; 23 April 2025

What is CVE-2025-3529?

The Simple Shopping Cart plugin for WordPress has a vulnerability that allows unauthenticated attackers to exploit the 'file_url' parameter, potentially exposing sensitive information. This flaw enables unauthorized users to view and download digital products without payment, compromising the integrity of eCommerce transactions and user data.

Affected Version(s)

WordPress Simple Shopping Cart * <= 5.1.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/wordpress-simp...

https://www.tipsandtricks-hq.com/ecommerce/wp-simple-cart...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 23, 2025
Vulnerability Reserved
Apr 11, 2025

Credit

Jack Taylor