CVE-2025-6025
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-15

Last updated on: 2025-08-15

Assigner: Wordfence

Description
The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of server-side validation on the `data-tip` attribute, which makes it possible for unauthenticated attackers to apply an excessive or even negative tip amount, resulting in unauthorized discount up to free orders depending on the value submitted.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-15
Last Modified
2025-08-15
Generated
2026-05-27
AI Q&A
2025-08-15
EPSS Evaluated
2026-05-25
NVD
CVE-2025-6025
EUVD
EUVD-2025-24962
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
woocommerce order-tip-for-woocommerce *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-602 The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability in the Order Tip for WooCommerce plugin for WordPress is an Unauthenticated Improper Input Validation issue affecting all versions up to 1.5.4. It occurs because the plugin does not properly validate the 'data-tip' attribute on the server side, allowing unauthenticated attackers to submit excessive or negative tip amounts.


How can this vulnerability impact me? :

This vulnerability can allow attackers to apply unauthorized discounts, including making orders free or applying excessive tip amounts, potentially resulting in financial loss for the merchant using the plugin.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart