CVE-2025-8198
HIGH
MinimogWP < 3.9.0 - Unauthenticated Price Manipulation via Cart Quantity Parameter
Title source: llm
Description
The MinimogWP – The High Converting eCommerce WordPress Theme for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.9.0. This is due to an insufficient check on quantity values when changing quantities in the cart. This makes it possible for unauthenticated attackers to add items to the cart and adjust the quantity to a fractional amount, causing the price to change based on the fractional amount. The vulnerability cannot be exploited if WooCommerce version 9.8.2 or later is installed.
References (2)
Core References
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/cfea0427-78dc-4151-864a-63b6761fc294?source=cve
Various Sources
https://changelog.thememove.com/minimog-wp/
Scores
CVSS v3
7.5
EPSS
0.0032
EPSS Percentile
23.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-472
Status
published
Products (1)
ThemeMove/MinimogWP – The High Converting eCommerce WordPress Theme
< 3.9.0
Published
Jul 26, 2025
Tracked Since
Feb 18, 2026