How severe is CVE-2025-3889?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2025-3889?

This is classified as CWE-639, which is a common weakness in software security.

CVE-2025-3889 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 via the 'process_payment_data' due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to change the quantity of a product to a negative number, which subtracts the product cost from the total order cost. The attack will only work with Manual Checkout mode, as PayPal and Stripe will not process payments for a negative quantity.

Related Vulnerabilities

CVE-2018-10211

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization when listing the history of another user via a modified "vaultize_session_id" value in a cookie.

CWE-6392018

CVE-2018-18976

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before 2019-01-15. An attacker may retrieve encrypted medical information of any user of the Ascensia cloud pla...

CWE-6392018

CVE-2019-15581

MEDIUM

CVSS:5.3(Medium)

An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via...

CWE-6392019

CVE-2019-15582

MEDIUM

CVSS:5.3(Medium)

An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment.

CWE-6392019

CVE-2019-7864

MEDIUM

CVSS:5.3(Medium)

An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized a...

CWE-6392019

CVE-2019-9170

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control.

CWE-6392019