Description

The WoodMart theme for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 8.2.6. This is due to insufficient validation of the qty parameter in the woodmart_update_cart_item function. This makes it possible for unauthenticated attackers to manipulate cart quantities using fractional values, allowing them to obtain products for free by setting extremely small quantities (e.g., 0.00001) that round cart totals to $0.00, effectively bypassing payment requirements and allowing unauthorized acquisition of virtual or downloadable products.

INFO

Published Date :

2025-07-26T06:43:22.481Z

Last Modified :

2025-07-28T15:51:51.746Z

Source :

Wordfence
AFFECTED PRODUCTS

The following products are affected by CVE-2025-8097 vulnerability.

Vendors Products
Wordpress
  • Wordpress
Xtemos
  • Woodmart
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-8097.

URL Resource
https://themeforest.net/item/woodmart-woocommerce-wordpress-theme/20264492 cve-icon cve-icon
https://www.wordfence.com/threat-intel/vulnerabilities/id/b030aa28-5310-4f69-8b86-7e0b0bae741b?source=cve cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact