Security Advisory

CVE-2025-3529

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-04-23 07:06:49

Last updated 2026-04-08 17:06:39

Assigner Wordfence

State PUBLISHED

Description

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the file_url parameter. This makes it possible for unauthenticated attackers to view potentially sensitive information and download a digital product without paying for it.

← Browse all CVEs View on cve.org ↗