cleantalk
Vulnerabilities and Security Researches

Simpler Checkout, CVE-2025-7642

CVE, Research URL

CVE-2025-7642

Home page URL

Security reports for Simpler Checkout

Application

Simpler Checkout

Published on
Aug 23, 2025
Research Description
The Simpler Checkout plugin for WordPress is vulnerable to Authentication Bypass in versions 0.7.0 to 1.1.9. This is due to the plugin not properly verifying a user's identity prior to logging them in as an admin through the simplerwc_woocommerce_order_created() function. This makes it possible for unauthenticated attackers to log in as other users based on their order ID, which can be an administrator if a site admin has placed a test order.
Affected versions
Min 0.7.0, max 1.1.9.
Status
vulnerable
Previous vulnerability researches
Recurring PayPal Donations (CVE-2025-57891) , Aug 24, 2025
Recurring PayPal Donations (CVE-2024-35676) , Jun 10, 2024
New vulnerability
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) , Aug 26, 2025
UpdraftPlus: WordPress Backup & Migration Plugin , Aug 26, 2025
Simpler Checkout (CVE-2025-7642) , Aug 26, 2025
Sessions (CVE-2025-57890) , Aug 25, 2025
WP Admin Theme (CVE-2025-48325) , Aug 25, 2025