Vulnerabilities and security researches forsimple-payment simple-payment

Nov 11, 2025

CVE, Research URL: CVE-2025-62076
Home page URL: Security reports for Simple Payment
Application: Simple Payment
Date: Nov 06, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ido Kobelkowsky Simple Payment simple-payment.This issue affects Simple Payment: from n/a through <= 2.4.6.
Affected versions: max 2.4.6.
Status: vulnerable

CVE, Research URL: CVE-2025-62075
Home page URL: Security reports for Simple Payment
Application: Simple Payment
Date: Nov 06, 2025
Research Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ido Kobelkowsky Simple Payment simple-payment.This issue affects Simple Payment: from n/a through <= 2.4.6.
Affected versions: max 2.4.6.
Status: vulnerable

Jun 29, 2025

CVE, Research URL: CVE-2025-6688
Home page URL: Security reports for Simple Payment
Application: Simple Payment
Date: Jun 27, 2025
Research Description: The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6 to 2.3.8. This is due to the plugin not properly verifying a user's identity prior to logging them in through the create_user() function. This makes it possible for unauthenticated attackers to log in as administrative users.
Affected versions: Min 1.3.6, max 2.3.9.
Status: vulnerable

Dec 15, 2024

CVE, Research URL: CVE-2024-54303
Home page URL: Security reports for Simple Payment
Application: Simple Payment
Date: Dec 13, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ido Kobelkowsky / yalla ya! Simple Payment allows Reflected XSS.This issue affects Simple Payment: from n/a through 2.3.7.
Affected versions: max 2.3.7.
Status: vulnerable