CVE-2025-3529

Name of the Vulnerable Software and Affected Versions WordPress Simple Shopping Cart plugin versions up to and including 5.1.2

Description The issue allows unauthenticated attackers to access potentially sensitive information and download digital products without paying, through the file url parameter. This enables attackers to view confidential information.

Recommendations For versions up to and including 5.1.2, update to a version higher than 5.1.2 to resolve the issue. As a temporary workaround, consider restricting access to the file url parameter to prevent unauthorized downloads.