WoodMart - Multipurpose WooCommerce Theme Vulnerability - CVE-2025-8097
So yesterday we had an interesting new vulnerability published, affecting at least 100k-200k WordPress websites.
Vulnerabilities found in websites that use WooCommerce are sensitive by nature, as they are all online shops, presumably with payments and everything that goes with the online shopping experience.
The vulnerability was recorded as CVE-2025-8097 and was assigned a CVSS score of 5.3, which is quite low if you ask me, and here's why:
The WoodMart WordPress theme has a vulnerability in all versions up to and including 8.2.6, caused by inadequate validation of the 'qty' parameter in the 'woodmart_update_cart_item' function.
Because of this flaw, attackers who aren't logged in can change product quantities in the cart to very small fractional numbers (like 0.00001).
This can trick the system into reducing the cart total to $0.00, effectively letting them get virtual or downloadable products without paying.
I know that CVE has its guidance on how the severity of each vulnerability is calculated.
But in this case, giving just a score of 5.3 sounds misleading to me, considering that this bug allows anyone skilled enough to download any digital product without paying for it.
Heck, it allows you to buy any product, not only digital ones, for pennies. In large shops with lots of automation, this might even go unnoticed until too late.
So what should you do?
If you are using the WoodMart theme on your website, it's of utmost importance to update it immediately.
Until you patch it, your website can be exploited through the vulnerability above.
The theme is a paid one, so you'll most likely need to get it from ThemeForest, unless you have the license and everything set up on your site, in which case you should be able to just update from your WP dashboard.
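Since abuse of this bug can go unnoticed, it is worth checking orders placed before the update for the two symptoms described above: a quantity that is not a whole number, and a priced product sold for next to nothing. The following Python script is an added example, not code from WoodMart or WooCommerce; the export format, field names and sample orders are constructed assumptions.

```python
from decimal import Decimal, InvalidOperation

# Constructed sample export. The field names are assumptions for this
# example, not the WooCommerce or WoodMart data model.
SAMPLE_ORDERS = [
    {"id": 1001, "items": [
        {"name": "E-book", "qty": "1", "unit_price": "19.00", "line_total": "19.00"}]},
    {"id": 1002, "items": [
        {"name": "Plugin license", "qty": "0.00001", "unit_price": "49.00", "line_total": "0.00"}]},
    {"id": 1003, "items": [
        {"name": "Font pack", "qty": "1e-5", "unit_price": "25.00", "line_total": "0.00"},
        {"name": "Sticker", "qty": "3", "unit_price": "2.00", "line_total": "6.00"}]},
    {"id": 1004, "items": [
        {"name": "Course", "qty": "1", "unit_price": "99.00", "line_total": "0.00"}]},
    {"id": 1005, "items": [
        {"name": "Preset", "qty": "abc", "unit_price": "5.00", "line_total": "5.00"}]},
]

def check_item(item):
    """Return the reasons a line item looks like quantity tampering."""
    try:
        qty = Decimal(str(item["qty"]))
        unit = Decimal(str(item["unit_price"]))
        total = Decimal(str(item["line_total"]))
    except InvalidOperation:
        return ["a quantity or price field is not a number"]
    reasons = []
    # Signal 1: the quantity must be a finite, positive whole number.
    if not qty.is_finite() or qty <= 0 or qty != qty.to_integral_value():
        reasons.append("quantity is not a positive whole number")
    # Signal 2: a priced product sold for less than one unit costs. A coupon
    # can cause this legitimately, so treat it as "review", not as proof.
    if unit > 0 and total < unit:
        reasons.append("line total is below the price of one unit")
    return reasons

def audit_orders(orders):
    """Return (order_id, item_name, reasons) for every suspicious line item."""
    findings = []
    for order in orders:
        for item in order["items"]:
            reasons = check_item(item)
            if reasons:
                findings.append((order["id"], item["name"], reasons))
    return findings

if __name__ == "__main__":
    for order_id, name, reasons in audit_orders(SAMPLE_ORDERS):
        print(f"order {order_id}: {name}: {'; '.join(reasons)}")
```

The second signal is kept separate from the first so that an underpaid line is still surfaced for review when the quantity field itself looks normal.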
Need help?
Whether you need help for this specific problem or need a security or tech-SEO audit done on your website, I'm here to help.
Feel free to say hi or check some of my WP services.