The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6 to 2.3.8. This is due to the plugin not properly verifying a user's identity prior to logging them in through the create_user() function. This makes it possible for unauthenticated attackers to log in as administrative users.
A product requires authentication, but the product has an alternate path or channel that does not require authentication.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Simple_payment | Idokd | 1.3.6 (including) | 2.3.9 (excluding) |