PT-2025-18382 · WordPress · Wordpress Simple Shopping Cart

Jack Taylor · Published 2025-05-01 · Updated 2025-05-06 · CVE-2025-3874

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

WordPress Simple Shopping Cart plugin versions up to, and including, 5.1.3

Description

The issue is an Insecure Direct Object Reference (IDOR) caused by the lack of randomization of a user-controlled key. This allows unauthenticated attackers to access customer shopping carts, edit product links, add or delete products, and discover coupon codes.

Recommendations

For WordPress Simple Shopping Cart plugin versions up to, and including, 5.1.3, update to a version higher than 5.1.3 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

IDOR

Weakness Enumeration

Related Identifiers

CVE-2025-3874

Affected Products

Wordpress Simple Shopping Cart