Authentication Bypass in Simple Payment Plugin for WordPress
CVE-2025-6688

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Simple Payment
Vendor: CVE Published:; 27 June 2025

What is CVE-2025-6688?

The Simple Payment plugin for WordPress contains a critical vulnerability allowing unauthenticated attackers to log in as administrative users. This issue arises from the inadequate verification of user identities during the login process utilizing the create_user() function. Versions 1.3.6 to 2.3.8 are particularly affected, which exposes sites to significant security risks if left unaddressed. Admins should update to the latest version immediately to remediate this vulnerability and protect sensitive site functions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Simple Payment 1.3.6 <= 2.3.8

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset/3318371/simp...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 27, 2025
Vulnerability Reserved
Jun 25, 2025

Credit

Kenneth Dunn

JSON

WordPress

What is CVE-2025-6688?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.