CVE-2025-8198: 
WordPress vulnerability analysis and mitigation

CVE-2025-8198 affects the MinimogWP – The High Converting eCommerce WordPress Theme for WordPress in versions up to and including 3.9.0. The vulnerability allows unauthenticated attackers to manipulate product prices through insufficient validation of quantity values in the shopping cart (NVD). The vulnerability was discovered and disclosed on July 25, 2025.

The vulnerability stems from insufficient checks on quantity values when changing quantities in the cart. This allows attackers to add items to the cart and adjust the quantity to fractional amounts, which causes the price to change based on the fractional quantity entered. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N, indicating network accessibility with no privileges required (NVD).

The vulnerability allows unauthenticated attackers to manipulate product prices in the cart by exploiting the quantity value validation weakness. This could lead to financial losses for store owners as attackers could potentially purchase products at artificially lowered prices (NVD).

The vulnerability was fixed in version 3.9.1 released on July 21, 2025. Users are advised to update to this version or later. Additionally, installing WooCommerce version 9.8.2 or later prevents exploitation of this vulnerability (Theme Changelog).