CVE-2025-6025 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This…
High CVSS: 7.5

CVE-2025-6025

The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of server-side validation on the `data-tip` attribute, which makes it possible for unauthenticated attackers to apply an excessive or even negative tip amount, resulting in unauthorized discount up to free orders depending on the value submitted.
Vendor
-
Product
-
CWE
CWE-602
Yayın Tarihi
2025-08-15 03:15:36
Güncelleme
2025-08-15 13:12:51
Source Identifier
security@wordfence.com
KEV Date Added
-

Kategoriler

CWE-602 HIGH 2025

Referanslar

https://plugins.trac.wordpress.org/browser/order-tip-woo/trunk/assets/build/front.bundle.js https://plugins.trac.wordpress.org/browser/order-tip-woo/trunk/frontend/views/tip-form.php#L49 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3318615%40order-tip-woo&new=3318615%40order-tip-woo&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/9bcd18bd-032e-4a97-83aa-a377f9b1f435?source=cve