FKIE_CVE-2025-6025

Vulnerability from fkie_nvd - Published: 2025-08-15 03:15 - Updated: 2025-08-15 13:12
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of server-side validation on the `data-tip` attribute, which makes it possible for unauthenticated attackers to apply an excessive or even negative tip amount, resulting in unauthorized discount up to free orders depending on the value submitted.
References
security@wordfence.comhttps://plugins.trac.wordpress.org/browser/order-tip-woo/trunk/assets/build/front.bundle.js
security@wordfence.comhttps://plugins.trac.wordpress.org/browser/order-tip-woo/trunk/frontend/views/tip-form.php#L49
security@wordfence.comhttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3318615%40order-tip-woo&new=3318615%40order-tip-woo&sfp_email=&sfph_mail=
security@wordfence.comhttps://www.wordfence.com/threat-intel/vulnerabilities/id/9bcd18bd-032e-4a97-83aa-a377f9b1f435?source=cve
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of server-side validation on the `data-tip` attribute, which makes it possible for unauthenticated attackers to apply an excessive or even negative tip amount, resulting in unauthorized discount up to free orders depending on the value submitted."
    },
    {
      "lang": "es",
      "value": "El complemento Order Tip for WooCommerce para WordPress es vulnerable a la validaci\u00f3n de entrada incorrecta no autenticada en todas las versiones hasta la 1.5.4 incluida. Esto se debe a la falta de validaci\u00f3n del lado del servidor en el atributo `data-tip`, lo que permite a atacantes no autenticados aplicar una propina excesiva o incluso negativa, lo que resulta en descuentos no autorizados que pueden incluir pedidos gratuitos, seg\u00fan el valor enviado."
    }
  ],
  "id": "CVE-2025-6025",
  "lastModified": "2025-08-15T13:12:51.217",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security@wordfence.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-15T03:15:36.227",
  "references": [
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/browser/order-tip-woo/trunk/assets/build/front.bundle.js"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/browser/order-tip-woo/trunk/frontend/views/tip-form.php#L49"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3318615%40order-tip-woo\u0026new=3318615%40order-tip-woo\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "source": "security@wordfence.com",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9bcd18bd-032e-4a97-83aa-a377f9b1f435?source=cve"
    }
  ],
  "sourceIdentifier": "security@wordfence.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-602"
        }
      ],
      "source": "security@wordfence.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.