cleantalk
Vulnerabilities and Security Researches

WordPress Simple Shopping Cart, CVE-2025-3529

CVE, Research URL

CVE-2025-3529

Home page URL

Security reports for WordPress Simple Shopping Cart

Application

WordPress Simple Shopping Cart

Published on
Apr 23, 2025
Research Description
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the 'file_url' parameter. This makes it possible for unauthenticated attackers to view potentially sensitive information and download a digital product without paying for it.
Affected versions
Min -, max 5.1.3.
Status
vulnerable
Previous vulnerability researches
Custom Skins Contact Form 7 (CVE-2024-12341) , Dec 13, 2024
New vulnerability
Admin and Site Enhancements (ASE) (CVE-2024-13688) , Apr 30, 2025
WordPress Simple Shopping Cart (CVE-2025-3529) , Apr 30, 2025
SecuPress Free — WordPress Security (CVE-2025-3452) , Apr 30, 2025
Gutenverse – Gutenberg Blocks – Page Builder for Site Editor (CVE-2025-2893) , Apr 30, 2025
My Tickets (CVE-2025-3761) , Apr 29, 2025