2 matches found
WordPress MinimogWP Theme <= 3.9.0 is vulnerable to Content Injection
Software MinimogWP Type Theme Vulnerable versions = 3.9.0 Fixed in 3.9.1 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2025-8198 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID d80fff95e821 Credits Valatty Required privilege Unauthenticated Published ...
CVE-2025-8198
CVE-2025-8198 - MinimogWP (WordPress Theme) Affected: MinimogWP – The High Converting eCommerce WordPress Theme, versions up to 3.9.0.Root cause: Insufficient validation of cart quantity inputs when adjusting item quantities, enabling price manipulation.Impact: Unauthenticated attackers can add i...