WoodMart WordPress Theme Improper Input Validation Vulnerability Allowing Unauthenticated Cart Manipulation

Vulnerability

A vulnerability exists in the WoodMart theme for WordPress, specifically in versions through 8.2.6, due to improper input validation of the 'qty' parameter in the 'woodmart_update_cart_item' function. This flaw enables unauthenticated attackers to alter cart quantities by using fractional values. By setting extremely small quantities that round down to zero, attackers can bypass payment requirements and acquire virtual or downloadable products without authorization.
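The kind of server-side check whose absence is described above, as an added example; it is not WoodMart or WooCommerce code and not the 8.2.7 patch. The function names, the 999 cap and the whole-number-only quantity policy are assumptions, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not WoodMart or WooCommerce code): accept a cart
 * quantity only if it is a whole number within [1, $max].
 * Returns the integer quantity, or null when the input must be rejected.
 */
function example_parse_cart_qty($raw, int $max = 999): ?int
{
    // Request parameters arrive as strings; arrays and other types are rejected.
    if (!is_string($raw) && !is_int($raw)) {
        return null;
    }
    $raw = trim((string) $raw);

    // One to nine ASCII digits only: rejects "0.0001", "1e-9", "-3", "1.0"
    // and "", and the length limit keeps the integer cast from overflowing.
    if (preg_match('/\A[0-9]{1,9}\z/', $raw) !== 1) {
        return null;
    }
    $qty = (int) $raw;
    return ($qty >= 1 && $qty <= $max) ? $qty : null;
}

/**
 * Defence in depth when totals are calculated: a priced item must never
 * produce a line total that rounds to zero.
 */
function example_line_total_is_sane(float $unit_price, $qty, int $decimals = 2): bool
{
    $total = round($unit_price * (float) $qty, $decimals);
    return $unit_price <= 0.0 || $total > 0.0;
}

// Constructed sample inputs, as they might arrive in a 'qty' parameter.
foreach (['2', '0.0001', '1e-9', '0', '-3', ' 5 ', '1.0'] as $sample) {
    $parsed = example_parse_cart_qty($sample);
    printf("%-9s => %s\n", var_export($sample, true), $parsed === null ? 'rejected' : "accepted as $parsed");
}

// A priced item with a fractional quantity versus a whole quantity.
var_dump(example_line_total_is_sane(19.99, 0.0001));
var_dump(example_line_total_is_sane(19.99, 1));
```

Rejecting the request outright, rather than casting or rounding the value into range, keeps a fractional quantity from ever reaching the cart total calculation.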

Impact

Exploitation of this vulnerability allows for unauthorized manipulation of cart quantities, potentially leading to the acquisition of products for free.

Remediation

Users are advised to update to WoodMart version 8.2.7 or a newer patched version.

Added: Jul 26, 2025, 7:25 AM
Updated: Jul 26, 2025, 7:25 AM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 2.5
exploitability: 7.6
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.