Cross-site Scripting Vulnerability in Simple Payment by Ido Kobelkowsky
CVE-2025-62076
7.1 HIGH
What is CVE-2025-62076?
The Simple Payment plugin for WordPress, developed by Ido Kobelkowsky, improperly neutralizes input during web page generation, which allows Cross-site Scripting (XSS) attacks. The vulnerability affects versions up to 2.4.6 of the plugin and lets malicious users inject arbitrary web scripts into pages viewed by other users. This can lead to unauthorized actions, data theft, and compromise of user sessions. Keeping your plugins updated and implementing best security practices is essential to mitigate such risks.
Affected Version(s)
Simple Payment <= n/a