CVE-2025-8198: CWE-472 External Control of Assumed-Immutable Web Parameter in ThemeMove MinimogWP – The High Converting eCommerce WordPress Theme
The MinimogWP – The High Converting eCommerce WordPress Theme for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.9.0. This is due to an insufficient check on quantity values when changing quantities in the cart. This makes it possible for unauthenticated attackers to add items to the cart and adjust the quantity to a fractional amount, causing the price to change based on the fractional amount. The vulnerability cannot be exploited if WooCommerce version 9.8.2+ is installed.
AI Analysis
Technical Summary
The MinimogWP – The High Converting eCommerce WordPress Theme contains a vulnerability (CWE-472) where external control of an assumed-immutable web parameter (quantity in the cart) is insufficiently validated. This allows unauthenticated attackers to add items to the cart and set fractional quantities, causing the price to be manipulated based on these fractional amounts. The issue affects all versions up to 3.9.0. The vulnerability is mitigated if WooCommerce version 9.8.2 or newer is installed, which presumably enforces proper validation.
Potential Impact
An attacker can manipulate the price of items in the shopping cart by setting fractional quantities, potentially leading to financial loss or revenue manipulation for the eCommerce site. The vulnerability does not affect confidentiality or availability but impacts the integrity of pricing. No known exploits are reported in the wild at this time.
Mitigation Recommendations
No official patch from the theme vendor is indicated in the provided data. However, installing WooCommerce version 9.8.2 or later prevents exploitation of this vulnerability. Users should ensure their WooCommerce plugin is updated to at least version 9.8.2. Additionally, monitoring for theme updates from ThemeMove that address this issue is recommended. Patch status is not explicitly confirmed; check the vendor advisory for current remediation guidance.
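A triage sketch for the conditions described above, added here as an example and not code from the advisory, the theme or WooCommerce: it checks whether an install falls inside the stated version range and flags order line items whose quantity is not a positive whole number. The order export format, SKUs and function names are assumptions made for illustration.

```python
import re
from decimal import Decimal, InvalidOperation

# Version bounds taken from the advisory text above.
THEME_LAST_AFFECTED = (3, 9, 0)    # MinimogWP: up to and including 3.9.0
WOOCOMMERCE_SAFE_FROM = (9, 8, 2)  # not exploitable with WooCommerce 9.8.2+


def parse_version(text):
    """Turn '9.8.2', '3.9' or '3.9.0-beta' into a 3-tuple of ints, zero-padded."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def is_exposed(theme_version, woocommerce_version):
    """True when the install falls inside both ranges the advisory states."""
    return (parse_version(theme_version) <= THEME_LAST_AFFECTED
            and parse_version(woocommerce_version) < WOOCOMMERCE_SAFE_FROM)


def is_whole_quantity(raw):
    """Accept only positive whole numbers; Decimal avoids float rounding."""
    try:
        qty = Decimal(str(raw).strip())
    except InvalidOperation:
        return False  # empty or non-numeric input
    return qty.is_finite() and qty > 0 and qty == qty.to_integral_value()


def suspicious_line_items(orders):
    """Return (order_id, sku, quantity) for each item with a non-whole quantity."""
    return [(o["id"], item["sku"], item["quantity"])
            for o in orders for item in o["items"]
            if not is_whole_quantity(item["quantity"])]


# Constructed sample data (hypothetical export format, not a WooCommerce schema).
SAMPLE_ORDERS = [
    {"id": 1001, "items": [{"sku": "TEE-01", "quantity": "2"}]},
    {"id": 1002, "items": [{"sku": "TEE-01", "quantity": "0.1"},
                           {"sku": "CAP-07", "quantity": "1.0"}]},
    {"id": 1003, "items": [{"sku": "MUG-03", "quantity": "1e-2"}]},
]

if __name__ == "__main__":
    print(is_exposed("3.9.0", "9.8.1"))
    print(suspicious_line_items(SAMPLE_ORDERS))
```

Stores that intentionally sell fractional quantities will see those items flagged as well, so review hits against the product's configuration before treating them as manipulation.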
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-07-25T16:26:50.958Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 688573fcad5a09ad006b9cc1
Added to database: 7/27/2025, 12:34:04 AM
Last enriched: 4/9/2026, 10:50:12 AM
Last updated: 5/9/2026, 6:10:43 AM