CVE-2025-3743

5.3 MEDIUM

📋 TL;DR

The Upsell Funnel Builder for WooCommerce WordPress plugin allows unauthenticated attackers to manipulate order bump products and discounts before processing. This vulnerability affects all versions up to 3.0.0, potentially impacting any WordPress site using this plugin for WooCommerce upselling.

💻 Affected Systems

Products:
  • Upsell Funnel Builder for WooCommerce WordPress plugin
Versions: All versions up to and including 3.0.0
Operating Systems: Any OS running WordPress with WooCommerce
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress with WooCommerce installed; vulnerability exists in default plugin configuration.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could add arbitrary products to orders with manipulated discounts, leading to financial loss, inventory discrepancies, and potential data exposure if product IDs are used to access restricted items.

🟠 Likely Case

Attackers exploit the vulnerability to apply unauthorized discounts or add different products to orders, resulting in revenue loss and order fulfillment issues.

🟢 If Mitigated

With proper input validation and access controls, the impact is limited to attempted attacks that fail due to server-side validation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is in a public function with clear manipulation points; exploitation requires minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 3.0.0

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3279944/

Restart Required: No

Instructions:

  1. Log into the WordPress admin panel.
  2. Navigate to Plugins > Installed Plugins.
  3. Find 'Upsell Funnel Builder for WooCommerce'.
  4. Click 'Update Now' if an update is available.
  5. If no update is offered, deactivate and delete the plugin, then install the latest version from the WordPress repository.

🔧 Temporary Workarounds

Disable vulnerable plugin (applies to: all)

Temporarily deactivate the plugin to prevent exploitation while awaiting patch.

wp plugin deactivate upsell-order-bump-offer-for-woocommerce

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block requests manipulating 'add_offer_in_cart' parameters.
  • Monitor and audit order logs for unusual discount patterns or product ID changes.

🔍 How to Verify

Check if Vulnerable:

Check plugin version in WordPress admin under Plugins > Installed Plugins; if version is 3.0.0 or lower, it's vulnerable.

Check Version:

wp plugin get upsell-order-bump-offer-for-woocommerce --field=version

Verify Fix Applied:

After update, verify plugin version is above 3.0.0; test order bump functionality to ensure it processes correctly without parameter manipulation.
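As an added example (not part of this advisory), the following POSIX shell script wraps the WP-CLI version command above and compares the result against the 3.0.0 threshold component by component, so that a version such as 3.0.10 is not misjudged by a plain string comparison. It assumes WP-CLI is installed and uses the plugin slug from the commands above.

```shell
# Added example, not from the advisory: check whether the installed plugin version
# falls inside the affected range (all versions <= 3.0.0). Assumes WP-CLI ("wp") is
# available and that the plugin slug matches the one used in the advisory's commands.
PLUGIN_SLUG="upsell-order-bump-offer-for-woocommerce"
LAST_VULNERABLE="3.0.0"

# version_le A B: exit 0 when A <= B, comparing dot-separated numeric components.
# Non-numeric suffixes (e.g. "-beta") are stripped and missing components count as 0,
# so "3" equals "3.0.0" and "3.0.0.1" is greater than "3.0.0".
version_le() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ac="${a%%.*}"; bc="${b%%.*}"
    case "$a" in *.*) a="${a#*.}";; *) a="";; esac
    case "$b" in *.*) b="${b#*.}";; *) b="";; esac
    ac="${ac%%[!0-9]*}"; bc="${bc%%[!0-9]*}"
    ac="${ac:-0}"; bc="${bc:-0}"
    if [ "$ac" -lt "$bc" ]; then return 0; fi
    if [ "$ac" -gt "$bc" ]; then return 1; fi
  done
  return 0
}

# is_vulnerable_version V: exit 0 when V is within the affected range (<= 3.0.0).
is_vulnerable_version() { version_le "$1" "$LAST_VULNERABLE"; }

# check_installed_plugin: read the installed version via WP-CLI and report it.
# Returns 1 if vulnerable, 0 if patched, 2 if the version could not be read.
check_installed_plugin() {
  ver="$(wp plugin get "$PLUGIN_SLUG" --field=version 2>/dev/null)" || {
    echo "could not read version of $PLUGIN_SLUG (plugin absent or WP-CLI unavailable)"
    return 2
  }
  if is_vulnerable_version "$ver"; then
    echo "VULNERABLE: $PLUGIN_SLUG $ver is <= $LAST_VULNERABLE; update the plugin"
    return 1
  fi
  echo "OK: $PLUGIN_SLUG $ver is above $LAST_VULNERABLE"
  return 0
}
```

Run `check_installed_plugin` from the WordPress root (where WP-CLI can find wp-config.php); its exit code can be used directly in a fleet-wide audit loop.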

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to 'add_offer_in_cart' endpoint with modified product_id or discount parameters
  • Order logs showing unexpected product additions or discount applications

Network Indicators:

  • HTTP requests containing manipulated 'product_id' or 'discount' fields in cart-related endpoints

SIEM Query:

source="wordpress.log" AND "add_offer_in_cart" AND ("product_id" OR "discount")
