Simple Payment

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2025-6688 CRITICAL PATCH Act Now

The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6 to 2.3.8. This is due to the plugin not properly verifying a user's identity prior to logging them in through the create_user() function. This makes it possible for unauthenticated attackers to log in as administrative users.

WordPress Authentication Bypass Simple Payment PHP

NVD

CVSS 3.1

9.8

EPSS

0.4%

CVE-2025-6688

EPSS 0% CVSS 9.8

CRITICAL PATCH Act Now

The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6 to 2.3.8. This is due to the plugin not properly verifying a user's identity prior to logging them in through the create_user() function. This makes it possible for unauthenticated attackers to log in as administrative users.

WordPress Authentication Bypass Simple Payment +1

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy