CVE-2025-8097
BaseFortify
Publication date: 2025-07-26
Last updated on: 2025-07-29
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| woodmart | theme | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the WoodMart WordPress theme up to version 8.2.6, where the qty parameter in the woodmart_update_cart_item function is not properly validated. This allows unauthenticated attackers to manipulate cart quantities using fractional values, such as 0.00001, which can cause the cart total to round down to $0.00. As a result, attackers can bypass payment requirements and obtain virtual or downloadable products for free.
How can this vulnerability impact me? :
The vulnerability can allow attackers to acquire products without paying by exploiting the improper input validation of cart quantities. This can lead to unauthorized acquisition of virtual or downloadable products, resulting in financial loss and potential abuse of the e-commerce system.