CVE-2025-8198
BaseFortify
Publication date: 2025-07-26
Last updated on: 2025-07-29
Assigner: Wordfence
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| thememove | minimog | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-472 | The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the MinimogWP WordPress theme up to version 3.9.0 and allows unauthenticated attackers to manipulate prices by exploiting insufficient checks on quantity values in the shopping cart. Attackers can add items to the cart and set fractional quantities, which causes the price to be calculated incorrectly based on these fractional amounts. This issue is fixed in version 3.9.1 and cannot be exploited if WooCommerce version 9.8.2 or higher is installed. [1]
How can this vulnerability impact me?
The vulnerability can lead to price manipulation in an eCommerce store using the MinimogWP theme, allowing attackers to pay less than the intended price by setting fractional quantities of products in the cart. This can result in financial loss and revenue impact for the store owner. Since the vulnerability can be exploited without authentication, it poses a significant risk until patched.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update the MinimogWP theme to version 3.9.1 or later, which contains the fix for CVE-2025-8198. Additionally, ensure that WooCommerce is updated to version 9.8.2 or higher, as the vulnerability cannot be exploited if this WooCommerce version is installed. [1]