MinimogWP – The High Converting eCommerce WordPress Theme

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Description

The MinimogWP – The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.9.0. This is due to an insufficient check on quantity values when changing quantities in the cart. This makes it possible for unauthenticated attackers to add items to the cart and adjust the quantity to a fractional amount, causing the price to change based on the fractional amount. The vulnerability cannot be exploited if WooCommerce version 9.8.2+ is installed.

Basic Information

ID CVE-2025-8198

Source Wordfence

Published Jul 26, 2025 at 05:45

Modified Jul 28, 2025 at 15:57

Affected Product

Vendor ThemeMove

Product MinimogWP – The High Converting eCommerce WordPress Theme

Version *

Affected Versions ThemeMove MinimogWP – The High Converting eCommerce WordPress Theme *

CWE Classification

CWE-472

References

{
    "lastseen": "",
    "description": "The MinimogWP \u2013 The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.9.0. This is due to an insufficient check on quantity values when changing quantities in the cart. This makes it possible for unauthenticated attackers to add items to the cart and adjust the quantity to a fractional amount, causing the price to change based on the fractional amount. The vulnerability cannot be exploited if WooCommerce version 9.8.2+ is installed.",
    "published": "2025-07-26T05:45:53.219Z",
    "modified": "2025-07-28T15:57:21.080Z",
    "type": "cve",
    "title": "MinimogWP \u2013 The High Converting eCommerce WordPress Theme <= 3.9.0 - Unauthenticated Price Manipulation",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cfea0427-78dc-4151-864a-63b6761fc294?source=cve\nhttps://changelog.thememove.com/minimog-wp/",
    "id": "CVE-2025-8198",
    "bulletinFamily": "",
    "cwe": [
        "CWE-472"
    ],
    "cvelist": null,
    "sourceData": "ThemeMove MinimogWP \u2013 The High Converting eCommerce WordPress Theme *",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MinimogWP \u2013 The High Converting eCommerce WordPress Theme",
    "version": "*",
    "vendor": "ThemeMove",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

MinimogWP – The High Converting eCommerce WordPress Theme <= 3.9.0 - Unauthenticated Price Manipulation_CVE-2025-8198