The WPC Name Your Price for WooCommerce plugin for WordPress is vulnerable to unauthorized price alteration in all versions up to, and including, 2.1.9. This is due to the plugin not disabling the ability to name a custom price when it has been specifically disabled for a product. This makes it possible for unauthenticated attackers to purchase products at prices less than they should be able to.
PUBLISHED5.2CWE-602
WPC Name Your Price for WooCommerce <= 2.1.9 - Unauthenticated Price Alteration
Problem type
Affected products
wpclever
WPC Name Your Price for WooCommerce
<= 2.1.9 - AFFECTED
References
wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/f64bc3c4-da89-4470-8353-d490f8bec408?source=cve
plugins.trac.wordpress.org
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3386310%40wpc-name-your-price&new=3386310%40wpc-name-your-price&sfp_email=&sfph_mail=
JSON source
Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2025-12115",
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"dateUpdated": "2025-10-31T18:43:39.464Z",
"dateReserved": "2025-10-23T15:27:17.832Z",
"datePublished": "2025-10-31T09:27:21.530Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence",
"dateUpdated": "2025-10-31T09:27:21.530Z"
},
"title": "WPC Name Your Price for WooCommerce <= 2.1.9 - Unauthenticated Price Alteration",
"descriptions": [
{
"lang": "en",
"value": "The WPC Name Your Price for WooCommerce plugin for WordPress is vulnerable to unauthorized price alteration in all versions up to, and including, 2.1.9. This is due to the plugin not disabling the ability to name a custom price when it has been specifically disabled for a product. This makes it possible for unauthenticated attackers to purchase products at prices less than they should be able to."
}
],
"affected": [
{
"vendor": "wpclever",
"product": "WPC Name Your Price for WooCommerce",
"defaultStatus": "unaffected",
"versions": [
{
"version": "*",
"status": "affected",
"versionType": "semver",
"lessThanOrEqual": "2.1.9"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-602 Client-Side Enforcement of Server-Side Security",
"cweId": "CWE-602",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f64bc3c4-da89-4470-8353-d490f8bec408?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3386310%40wpc-name-your-price&new=3386310%40wpc-name-your-price&sfp_email=&sfph_mail="
}
],
"metrics": [
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
}
],
"timeline": [
{
"time": "2025-10-29T02:26:02.000+00:00",
"lang": "en",
"value": "Vendor Notified"
},
{
"time": "2025-10-30T00:00:00.000+00:00",
"lang": "en",
"value": "Disclosed"
}
],
"credits": [
{
"lang": "en",
"value": "Jonas Benjamin Friedli",
"type": "finder"
}
]
},
"adp": [
{
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2025-10-31T18:43:39.464Z"
},
"title": "CISA ADP Vulnrichment",
"metrics": [
{}
]
}
]
}
}