CVE-2026-3208
The CVE 2026-3208 entry concerns the Mercado Pago payments for WooCommerce plugin for WordPress. A missing capability check on the mp_pix_image endpoint allows unauthenticated access to PIX payment QR code images for arbitrary orders in all versions up to 8.7.11. The PIX QR codes expose sensitive...