{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-8198", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-07-25T16:26:50.958Z", "datePublished": "2025-07-26T05:45:53.219Z", "dateUpdated": "2025-07-28T15:57:21.080Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-07-26T05:45:53.219Z"}, "affected": [{"vendor": "ThemeMove", "product": "MinimogWP \u2013 The High Converting eCommerce WordPress Theme", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "3.9.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The MinimogWP \u2013 The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.9.0. This is due to an insufficient check on quantity values when changing quantities in the cart. This makes it possible for unauthenticated attackers to add items to the cart and adjust the quantity to a fractional amount, causing the price to change based on the fractional amount. The vulnerability cannot be exploited if WooCommerce version 9.8.2+ is installed."}], "title": "MinimogWP \u2013 The High Converting eCommerce WordPress Theme <= 3.9.0 - Unauthenticated Price Manipulation", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cfea0427-78dc-4151-864a-63b6761fc294?source=cve"}, {"url": "https://changelog.thememove.com/minimog-wp/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-472 External Control of Assumed-Immutable Web Parameter", "cweId": "CWE-472", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Vijay"}], "timeline": [{"time": "2025-07-25T16:30:16.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-28T15:57:15.856126Z", "id": "CVE-2025-8198", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-28T15:57:21.080Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8198", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-28T15:57:15.856126Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-28T15:57:17.792Z"}}], "cna": {"title": "MinimogWP \u2013 The High Converting eCommerce WordPress Theme <= 3.9.0 - Unauthenticated Price Manipulation", "credits": [{"lang": "en", "type": "finder", "value": "Vijay"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}}], "affected": [{"vendor": "ThemeMove", "product": "MinimogWP \u2013 The High Converting eCommerce WordPress Theme", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "3.9.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-25T16:30:16.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cfea0427-78dc-4151-864a-63b6761fc294?source=cve"}, {"url": "https://changelog.thememove.com/minimog-wp/"}], "descriptions": [{"lang": "en", "value": "The MinimogWP \u2013 The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.9.0. This is due to an insufficient check on quantity values when changing quantities in the cart. This makes it possible for unauthenticated attackers to add items to the cart and adjust the quantity to a fractional amount, causing the price to change based on the fractional amount. The vulnerability cannot be exploited if WooCommerce version 9.8.2+ is installed."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-472", "description": "CWE-472 External Control of Assumed-Immutable Web Parameter"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-07-26T05:45:53.219Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8198", "state": "PUBLISHED", "dateUpdated": "2025-07-28T15:57:21.080Z", "dateReserved": "2025-07-25T16:26:50.958Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-07-26T05:45:53.219Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The MinimogWP \u2013 The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.9.0. This is due to an insufficient check on quantity values when changing quantities in the cart. This makes it possible for unauthenticated attackers to add items to the cart and adjust the quantity to a fractional amount, causing the price to change based on the fractional amount. The vulnerability cannot be exploited if WooCommerce version 9.8.2+ is installed."}, {"lang": "es", "value": "El tema MinimogWP \u2013 The High Converting eCommerce WordPress Theme para WordPress, es vulnerable a la manipulaci\u00f3n de precios en todas las versiones hasta la 3.9.0 incluida. Esto se debe a una comprobaci\u00f3n insuficiente de los valores de cantidad al modificar las cantidades en el carrito. Esto permite que atacantes no autenticados a\u00f1adan art\u00edculos al carrito y ajusten la cantidad a una fracci\u00f3n, lo que provoca que el precio cambie en funci\u00f3n de dicha fracci\u00f3n. Esta vulnerabilidad no se puede explotar si se instala WooCommerce versi\u00f3n 9.8.2 o superior."}], "id": "CVE-2025-8198", "lastModified": "2025-07-29T14:14:55.157", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-07-26T06:15:23.600", "references": [{"source": "security@wordfence.com", "url": "https://changelog.thememove.com/minimog-wp/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cfea0427-78dc-4151-864a-63b6761fc294?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-472"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}