cleantalk
Vulnerabilities and Security Researches

Order Tip for WooCommerce, CVE-2025-6025

CVE, Research URL

CVE-2025-6025

Home page URL

Security reports for Order Tip for WooCommerce

Application

Order Tip for WooCommerce

Published on
Aug 15, 2025
Research Description
The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of server-side validation on the `data-tip` attribute, which makes it possible for unauthenticated attackers to apply an excessive or even negative tip amount, resulting in unauthorized discount up to free orders depending on the value submitted.
Affected versions
Min -, max 1.5.5.
Status
vulnerable
Previous vulnerability researches
Simplified Content (CVE-2016-1000150) , Jun 07, 2024
Simplified Plugin (CVE-2025-53241) , Aug 16, 2025
Simplified Plugin (CVE-2025-22654) , Feb 20, 2025
New vulnerability
Linux Promotional Plugin (CVE-2025-7668) , Aug 17, 2025
Poll Maker – Best WordPress Poll Plugin (CVE-2024-12575) , Aug 17, 2025
Add User Meta (CVE-2025-7688) , Aug 17, 2025
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor (CVE-2025-8896) , Aug 17, 2025
RSS Feed Pro (CVE-2025-53581) , Aug 17, 2025