CVE-2025-59413

by Fred · 22/09/2025

CubeCart is an ecommerce software solution. Prior to version 6.5.11, a logic flaw exists in the newsletter subscription endpoint that allows an attacker to unsubscribe any user without their consent. By changing the value of the force_unsubscribe parameter in the POST request to 1, an attacker can force the removal of any valid subscriber’s email address. This issue has been patched in version 6.5.11.

More information : https://github.com/cubecart/v6/commit/7fd1cd04f5d5c3ce1d7980327464f0ff6551de79

CVE-2025-59413

Similar

Recent Posts

Categories

CVE-2025-59413

Share this:

Similar

Recent Posts

Categories

Tags