CVE-2025-12115
WPC Name Your Price for WooCommerce <= 2.1.9 - Unauthenticated Price Alteration
CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th
The WPC Name Your Price for WooCommerce plugin for WordPress is vulnerable to unauthorized price alteration in all versions up to, and including, 2.1.9. This is due to the plugin not disabling the ability to name a custom price when it has been specifically disabled for a product. This makes it possible for unauthenticated attackers to purchase products at prices less than they should be able to.
| CWE | CWE-602 |
| Vendor | wpclever |
| Product | wpc name your price for woocommerce |
| Published | Oct 31, 2025 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for wpclever wpc name your price for woocommerce
Be the first to know when new high vulnerabilities affecting wpclever wpc name your price for woocommerce are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
wpclever / WPC Name Your Price for WooCommerce
0 โค 2.1.9
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/f64bc3c4-da89-4470-8353-d490f8bec408?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3386310%40wpc-name-your-price&new=3386310%40wpc-name-your-price&sfp_email=&sfph_mail=
Credits
Jonas Benjamin Friedli