WordPress Simpler Checkout Plugin Authentication Bypass Vulnerability

Vulnerability

A vulnerability allowing authentication bypass has been identified in the Simpler Checkout plugin for WordPress, affecting versions 0.7.0 to 1.1.9. The issue arises because the plugin fails to properly verify a user's identity before logging them in as an administrator via the 'simplerwc_woocommerce_order_created()' function. This flaw enables unauthenticated attackers to log in as other users by exploiting their order ID, potentially gaining access as an administrator if a test order was placed by a site admin.

Impact

Exploitation of this vulnerability allows unauthenticated users to log in as other users, including administrators, by using their order ID.

Remediation

There is no known patch available for this vulnerability. It is recommended to review the vulnerability details and consider uninstalling the affected plugin.
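As an aid to the review recommended above, the following added example (not code from the plugin or from this advisory) checks whether the version declared in a plugin's main PHP file falls inside the affected range 0.7.0 to 1.1.9. The sample header and all function names are constructed for illustration; the caller supplies the contents of the real plugin file.

```python
import re

# Affected range as stated in the advisory (inclusive on both ends).
AFFECTED_MIN = "0.7.0"
AFFECTED_MAX = "1.1.9"

def parse_version(text):
    """Turn '1.1.9' into (1, 1, 9); pad to 3 parts so '0.7' equals '0.7.0'.
    Suffixes such as '-beta' or 'rc1' are ignored."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"no numeric version in {text!r}")
    parts = [int(p) for p in m.group(0).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def header_version(plugin_php_source):
    """Extract the 'Version:' field from a WordPress plugin header comment."""
    m = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", plugin_php_source, re.M | re.I)
    return m.group(1) if m else None

def is_affected(version):
    """Numeric comparison: a string compare would wrongly put 1.1.10 below 1.1.9."""
    low, high = parse_version(AFFECTED_MIN), parse_version(AFFECTED_MAX)
    return low <= parse_version(version) <= high

def audit(plugin_php_source):
    """Return (version, verdict) for the contents of one plugin main file."""
    version = header_version(plugin_php_source)
    if version is None:
        return None, "unknown: no Version header, inspect manually"
    if is_affected(version):
        return version, "affected: no patch known, consider uninstalling"
    return version, "outside the affected range"

# Constructed sample header (not copied from the real plugin).
SAMPLE = """<?php
/**
 * Plugin Name: Example Checkout Plugin
 * Version: 1.1.9
 */
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```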

Added: Aug 23, 2025, 5:23 AM
Updated: Aug 23, 2025, 5:23 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.1
remediation: 0.0
relevance: 0.4
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.