CVE-2025-3529

Published Apr 23, 2025

Last updated 2 months ago

CVSS high 8.2

Overview

Description
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the 'file_url' parameter. This makes it possible for unauthenticated attackers to view potentially sensitive information and download a digital product without paying for it.
Source
security@wordfence.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
8.2
Impact score
4.2
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Severity
HIGH

Weaknesses

security@wordfence.com
CWE-201

Social media

Hype score
Not currently trending

  1. CVE-2025-3529 (CVSS:8.2, HIGH) is Awaiting Analysis. The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions ..https://t.co/tWWQ6mlIzT #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    28 Apr 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2025-3529 🔴 HIGH (8.2) 🏢 mra13 - WordPress Simple Shopping Cart 🏗️ * 🔗 https://t.co/943JS7RnLu 🔗 https://t.co/TYBOrZKAIg 🔗 https://t.co/eOmxa4tMfu 🔗 https://t.co/lt8oF2mDoV 🔗 https://t.co/4OIjrZNunl #CyberCron #VulnAlert #InfoSec https://t.co/LOdc5Lsjo4

    @cybercronai

    23 Apr 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-3529 Unauthenticated Sensitive Information Exposure in WordPress Simple Shopping Cart Plugin https://t.co/8FgnwWRQMB

    @VulmonFeeds

    23 Apr 2025

    54 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. �� CVE-2025-3529 - WordPress - HIGH 🚨 🗓️ Date published 2025-04-23 08:15:14 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/5HyzMUctaB

    @vulns_space

    23 Apr 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-3529 The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the 'file_url' p… https://t.co/3G46WZOomS

    @CVEnew

    23 Apr 2025

    463 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.