PT-2025-34507 · WordPress · Simpler Checkout

Kenneth Dunn · Published 2025-08-23 · Updated 2025-08-23 · CVE-2025-7642

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Simpler Checkout versions 0.7.0 through 1.1.9
Description: The Simpler Checkout plugin for WordPress is susceptible to authentication bypass. The plugin does not properly verify a user’s identity before granting access as an administrator through the simplerwc_woocommerce_order_created() function. This allows unauthenticated attackers to log in as other users, potentially including administrators, by exploiting order IDs.
Recommendations: Use a version outside the affected range (versions prior to 0.7.0 or versions after 1.1.9).

Fix

Weakness Enumeration: Authentication Bypass Using an Alternate Path or Channel
Related Identifiers: CVE-2025-7642
Affected Products: Simpler Checkout