CSRF Vulnerability in Simple Stripe Plugin by WordPress
CVE-2025-48085
8.8 HIGH
What is CVE-2025-48085?
A Cross-Site Request Forgery (CSRF) vulnerability in the Simple Stripe plugin for WordPress allows an attacker to trick users into performing unintended actions, which can lead to Stored Cross-Site Scripting (XSS). It affects all versions of the Simple Stripe plugin up to and including 0.9.17. Users are encouraged to update their plugins and implement robust security measures to safeguard against such vulnerabilities.
Affected Version(s)
Simple Stripe <= n/a
References
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Nguyen Xuan Chien | Patchstack Bug Bounty Program