cleantalk
Vulnerabilities and Security Researches

Simpler Checkout, CVE-2025-7642

CVE, Research URL

CVE-2025-7642

Home page URL

Security reports for Simpler Checkout

Application

Simpler Checkout

Published on
Aug 23, 2025
Research Description
The Simpler Checkout plugin for WordPress is vulnerable to Authentication Bypass in versions 0.7.0 to 1.1.9. This is due to the plugin not properly verifying a user's identity prior to logging them in as an admin through the simplerwc_woocommerce_order_created() function. This makes it possible for unauthenticated attackers to log in as other users based on their order ID, which can be an administrator if a site admin has placed a test order.
Affected versions
Min 0.7.0, max 1.1.9.
Status
vulnerable
Previous vulnerability researches
Accordion Slider Lite (CVE-2024-11892) , Jan 12, 2025
New vulnerability
Simpler Checkout (CVE-2025-7642) , Aug 26, 2025
Sessions (CVE-2025-57890) , Aug 25, 2025
WP Admin Theme (CVE-2025-48325) , Aug 25, 2025
Site Offline Or Coming Soon Or Maintenance Mode (CVE-2025-48348) , Aug 25, 2025
Ni WooCommerce Customer Product Report (CVE-2025-7827) , Aug 25, 2025