CVE-2025-3743 Information

Description

The Upsell Funnel Builder for WooCommerce plugin for WordPress is vulnerable to order manipulation in all versions up to and including 3.0.0. This is due to the plugin allowing the additional product ID and discount field to be manipulated prior to processing via the ‘add_offer_in_cart’ function. This makes it possible for unauthenticated attackers to arbitrarily update the product associated with any order bump and arbitrarily update the discount applied to any order bump item when adding it to the cart.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Reference

https://plugins.trac.wordpress.org/browser/upsell-order-bump-offer-for-woocommerce/tags/3.0.0/public/class-upsell-order-bump-offer-for-woocommerce-public.php#L1771 https://plugins.trac.wordpress.org/browser/upsell-order-bump-offer-for-woocommerce/tags/3.0.0/public/class-upsell-order-bump-offer-for-woocommerce-public.php#L1773 https://plugins.trac.wordpress.org/browser/upsell-order-bump-offer-for-woocommerce/tags/3.0.0/public/class-upsell-order-bump-offer-for-woocommerce-public.php#L1818 https://plugins.trac.wordpress.org/browser/upsell-order-bump-offer-for-woocommerce/tags/3.0.0/public/class-upsell-order-bump-offer-for-woocommerce-public.php#L1829 https://plugins.trac.wordpress.org/changeset/3279944/ https://www.wordfence.com/threat-intel/vulnerabilities/id/b0e1546b-c8cc-4d57-9909-153209e3a9c6?source=cve

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

5.3