Description
The MinimogWP – The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.9.0. This is due to an insufficient check on quantity values when changing quantities in the cart. This makes it possible for unauthenticated attackers to add items to the cart and adjust the quantity to a fractional amount, causing the price to change based on the fractional amount. The vulnerability cannot be exploited if WooCommerce version 9.8.2+ is installed.
Published: 2025-07-26
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Price manipulation
Action: Upgrade Theme
AI Analysis

Impact

The MinimogWP theme allows an unauthenticated attacker to manipulate the price of items in a WooCommerce cart by entering a fractional quantity value, because the theme does not perform a proper check on the quantity. This flaw permits attackers to add any product to the cart and change its quantity to a non‑integer, causing the total price to be recalculated based on that fractional amount. The result is unauthorized price manipulation, which could lead to losses through underpricing or overpricing without the site owner’s consent.

Affected Systems

Any WordPress installation that uses MinimogWP – The High Converting eCommerce WordPress Theme version 3.9.0 or earlier is affected. The vulnerability only exists when the underlying WooCommerce plugin is older than version 9.8.2; sites running WooCommerce 9.8.2 or newer are immune even if the theme remains at a vulnerable version.

Risk and Exploitability

The flaw carries a CVSS score of 7.5, indicating a high severity risk, but the EPSS score of less than 1% shows that exploitation is unlikely at this time. The vulnerability is not listed in CISA’s KEV catalog. An attacker can exploit the issue from any publicly reachable WooCommerce site without authentication, simply by adding an item to the cart and setting a fractional quantity value. The exploit does not require privileged access, and the impact is limited to the manipulation of the cart price for the attacker’s benefit.

Generated by OpenCVE AI on April 20, 2026 at 20:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the MinimogWP theme to a version newer than 3.9.0, where the quantity check has been fixed.
  • Upgrade WooCommerce to version 9.8.2 or later, which also removes the vulnerability even if the theme remains unchanged.
  • If an immediate update is not possible, implement a temporary workaround that restricts quantity inputs to whole numbers, such as adding a validation filter or disabling guest checkout.
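One way to implement the whole-number restriction from the last action above, as a small must-use plugin. This is an added example, not code from the theme vendor, WooCommerce or OpenCVE. The hooks and functions are standard WooCommerce ones, but the `example_` names are hypothetical, and because the page does not show the theme's cart handler, the `woocommerce_before_calculate_totals` hook is included as an assumption that every cart write ends in a totals calculation.

```php
<?php
/**
 * Plugin Name: Whole-number cart quantities (temporary mitigation)
 * Added example: not vendor code. All example_* names are hypothetical.
 */
defined( 'ABSPATH' ) || exit;

/** True for non-negative whole numbers (0 is how WooCommerce removes a line). */
function example_qty_is_whole( $qty ) {
	if ( ! is_numeric( $qty ) ) {
		return false;
	}
	$qty = (float) $qty;
	return $qty >= 0 && floor( $qty ) === $qty;
}

/** Shared callback: veto the request when the quantity is not whole. */
function example_reject_fractional( $passed, $quantity ) {
	if ( $passed && ! example_qty_is_whole( $quantity ) ) {
		wc_add_notice( 'Quantity must be a whole number.', 'error' );
		return false;
	}
	return $passed;
}

// Standard add-to-cart path: ( $passed, $product_id, $quantity ).
add_filter( 'woocommerce_add_to_cart_validation', function ( $passed, $product_id, $quantity ) {
	return example_reject_fractional( $passed, $quantity );
}, 10, 3 );

// Standard cart-page update path: ( $passed, $cart_item_key, $values, $quantity ).
add_filter( 'woocommerce_update_cart_validation', function ( $passed, $cart_item_key, $values, $quantity ) {
	return example_reject_fractional( $passed, $quantity );
}, 10, 4 );

// Choke point: runs before every totals calculation, so it also covers
// handlers that write quantities to the cart without calling the filters above.
add_action( 'woocommerce_before_calculate_totals', function ( $cart ) {
	foreach ( $cart->get_cart() as $key => $item ) {
		if ( ! example_qty_is_whole( $item['quantity'] ) ) {
			// Round up so a fraction can never lower the line total;
			// false = do not recalculate totals from inside this hook.
			$cart->set_quantity( $key, (int) ceil( (float) $item['quantity'] ), false );
		}
	}
}, 5 );
```

A store that legitimately sells fractional quantities cannot use this as written. Remove it once the theme or WooCommerce has been updated.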



Advisories
Source: EUVD
ID: EUVD-2025-22780
Title: The MinimogWP – The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.9.0. This is due to an insufficient check on quantity values when changing quantities in the cart. This makes it possible for unauthenticated attackers to add items to the cart and adjust the quantity to a fractional amount, causing the price to change based on the fractional amount. The vulnerability cannot be exploited if WooCommerce version 9.8.2+ is installed.

History

Thu, 31 Jul 2025 10:30:00 +0000

Values Added
First Time appeared: Woocommerce; Woocommerce woocommerce; Wordpress; Wordpress wordpress
Vendors & Products: Woocommerce; Woocommerce woocommerce; Wordpress; Wordpress wordpress

Mon, 28 Jul 2025 16:15:00 +0000

Values Added
Metrics: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sat, 26 Jul 2025 06:00:00 +0000

Values Added
Description: The MinimogWP – The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.9.0. This is due to an insufficient check on quantity values when changing quantities in the cart. This makes it possible for unauthenticated attackers to add items to the cart and adjust the quantity to a fractional amount, causing the price to change based on the fractional amount. The vulnerability cannot be exploited if WooCommerce version 9.8.2+ is installed.
Title: MinimogWP – The High Converting eCommerce WordPress Theme <= 3.9.0 - Unauthenticated Price Manipulation
Weaknesses: CWE-472
References
Metrics: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:24:45.937Z

Reserved: 2025-07-25T16:26:50.958Z

Link: CVE-2025-8198

Vulnrichment

Updated: 2025-07-28T15:57:17.792Z

NVD

Status: Deferred

Published: 2025-07-26T06:15:23.600

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-8198

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-20T20:15:06Z
