CVE-2025-25171
WordPress WP SmartPay plugin <= 2.7.13 - Account Takeover vulnerabilityAuthentication Bypass Using an Alternate Path or Channel vulnerability in ThemesGrove WP SmartPay allows Authentication Abuse. This issue affects WP SmartPay: from n/a through 2.7.13.
We have discovered 41 live websites that are affected by CVE-2025-25171.
Affected Software
| Product |  Smartpay |
| Category | Wordpress Plugins |
| Vulnerable Domains | 41 live websites (100% of Smartpay install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Common Weakness Enumeration
CWE-288 Authentication Bypass Using an Alternate Path or ChannelDetails
- Published - Jun 27, 2025
- Updated - Jun 27, 2025
Credits
- Le Ngoc Anh (Patchstack Alliance) (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-25171 United States | 28 websites |
 Canada | 2 websites |
 Germany | 2 websites |
 Netherlands | 2 websites |
 Australia | 1 websites |
 Estonia | 1 websites |
 Spain | 1 websites |
 France | 1 websites |
 Ireland | 1 websites |
 Sweden | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2025-25171| .com | 21 websites |
| .org | 9 websites |
| .net | 2 websites |
| .nl | 2 websites |
| .de | 1 websites |
| .se | 1 websites |
Websites affected by CVE-2025-25171
Top websites that are affected by CVE-2025-25171. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ************.com | United States | *,***,*** | |
| ************.**.za |  South Africa | *,***,*** | |
| ******************.org | France | **,***,*** | |
| ***********.com | United States | **,***,*** | |
| *******.org | United States | **,***,*** | |
| ***********.com | Estonia | **,***,*** | |
| *****.org | United States | **,***,*** | |
| **************.nl | Netherlands | **,***,*** | |
| **************.com | United States | **,***,*** | |
| **********.de | Germany | **,***,*** |
FAQ
CVE-2025-25171 is Authentication Bypass Using an Alternate Path or Channel in Smartpay
A total of 41 websites have been identified as vulnerable to CVE-2025-25171, based on global website indexing conducted by WebTechSurvey.
The Smartpay is affected by the CVE-2025-25171 vulnerability.
Smartpay versions up to and including 2.7.13 are vulnerable to CVE-2025-25171.