{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T09:02:33.272","vulnerabilities":[{"cve":{"id":"CVE-2025-6688","sourceIdentifier":"security@wordfence.com","published":"2025-06-27T08:15:23.243","lastModified":"2025-07-02T17:49:42.750","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6 to 2.3.8. This is due to the plugin not properly verifying a user's identity prior to logging them in through the create_user() function. This makes it possible for unauthenticated attackers to log in as administrative users."},{"lang":"es","value":"El complemento Simple Payment para WordPress es vulnerable a la omisión de autenticación en las versiones 1.3.6 a 2.3.8. Esto se debe a que el complemento no verifica correctamente la identidad del usuario antes de iniciar sesión mediante la función create_user(). Esto permite que atacantes no autenticados inicien sesión como usuarios administrativos."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:idokd:simple_payment:*:*:*:*:*:wordpress:*:*","versionStartIncluding":"1.3.6","versionEndExcluding":"2.3.9","matchCriteriaId":"8C4286EF-098B-4894-A1E9-47615AFEA38A"}]}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3318371/simple-payment/tags/2.3.9/simple-payment-plugin.php","source":"security@wordfence.com","tags":["Patch"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8b4e2f87-e3ad-4f1b-b647-f5e5a49f691b?source=cve","source":"security@wordfence.com","tags":["Third Party Advisory"]}]}}]}