CVE-2025-6688
Simple Payment 1.3.6 - 2.3.8 - Authentication Bypass to AdminThe Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6 to 2.3.8. This is due to the plugin not properly verifying a user's identity prior to logging them in through the create_user() function. This makes it possible for unauthenticated attackers to log in as administrative users.
We have discovered 2 live websites that are affected by CVE-2025-6688.
Affected Software
| Product |  Simple Payment |
| Category | Wordpress Plugins |
| Vulnerable Domains | 2 live websites (100% of Simple Payment install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Common Weakness Enumeration
CWE-288 Authentication Bypass Using an Alternate Path or ChannelDetails
- Published - Jun 27, 2025
- Updated - Jun 27, 2025
Credits
- Kenneth Dunn (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-6688 United States | 1 websites |
 Israel | 1 websites |
Websites affected by CVE-2025-6688
Top websites that are affected by CVE-2025-6688. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******.events | United States | *,***,*** | |
| ***.********.**.il | Israel | **,***,*** |
FAQ
CVE-2025-6688 is Authentication Bypass Using an Alternate Path or Channel in Simple Payment
A total of 2 websites have been identified as vulnerable to CVE-2025-6688, based on global website indexing conducted by WebTechSurvey.
The Simple Payment is affected by the CVE-2025-6688 vulnerability.
Simple Payment versions up to and including 2.3.8 are vulnerable to CVE-2025-6688.