CVE-2025-59413

Medium CVSS: 6.5

CubeCart is an ecommerce software solution. Prior to version 6.5.11, a logic flaw exists in the newsletter subscription endpoint that allows an attacker to unsubscribe any user without their consent. By changing the value of the force_unsubscribe parameter in the POST request to 1, an attacker can force the removal of any valid subscriber’s email address. This issue has been patched in version 6.5.11.

Vendor

Cubecart

Product

Cubecart

CWE

CWE-862

Yayın Tarihi

2025-09-22 17:16:09

Güncelleme

2025-09-23 16:49:02

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-862 Cubecart MEDIUM Cubecart 2025

Referanslar

https://github.com/cubecart/v6/commit/7fd1cd04f5d5c3ce1d7980327464f0ff6551de79 https://github.com/cubecart/v6/commit/db965fcfa260c4f17eb16f8c5494e5af4a8ac271 https://github.com/cubecart/v6/commit/dbc58cf1f7a6291f7add5893b56bff7920a29128 https://github.com/cubecart/v6/security/advisories/GHSA-869v-gjv8-9m7f https://github.com/cubecart/v6/security/advisories/GHSA-869v-gjv8-9m7f

Benzer Kayıtlar

High

CVE-2025-59335

CubeCart is an ecommerce software solution. Prior to version 6.5.11, there is an absence of automatic session expiration…

Medium

CVE-2025-59411

CubeCart is an ecommerce software solution. Prior to version 6.5.11, the contact form’s Enquiry field accepts raw HTML a…

Medium

CVE-2025-59412

CubeCart is an ecommerce software solution. Prior to version 6.5.11, a vulnerability exists in the product reviews featu…