CVE-2025-7642
BaseFortify
Publication date: 2025-08-23
Last updated on: 2025-08-25
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | simpler_checkout | 0.7.0 |
| wordpress | simpler_checkout | 1.1.9 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Simpler Checkout plugin for WordPress allows unauthenticated attackers to bypass authentication and log in as other users, including administrators. It occurs because the plugin does not properly verify a user's identity before logging them in via the simplerwc_woocommerce_order_created() function, using the order ID as a key.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can gain unauthorized administrative access to a WordPress site, potentially leading to full site compromise, data theft, data modification, or disruption of services.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability can lead to unauthorized access to sensitive data, which may result in violations of data protection regulations such as GDPR and HIPAA, potentially causing legal and financial consequences for the affected organization.