WordPress Transbank Webpay plugin < 1.14.0 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability discovered by Mateo Contenla & Matías Schiappacasse in WordPress Plugin Transbank Webpay REST versions 1.14.0...

CVE-2026-6858

The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform Stored XSS attacks against logged in administrator...

CVE-2026-6858

The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform Stored XSS attacks against logged in administrator...

EUVD-2026-38213

The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform Stored XSS attacks against logged in administrator...

CVE-2026-6858 Transbank Webpay < 1.14.0 - Unauthenticated Stored XSS

The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform Stored XSS attacks against logged in administrator...

CVE-2026-6858

The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform Stored XSS attacks against logged in administrator...

EUVD-2023-31346

Malicious code in bioql PyPI...

CVE-2023-27610

Auth. admin+ SQL Injection SQLi vulnerability in TransbankDevelopers Transbank Webpay REST plugin = 1.6.6 versions...

CVE-2023-27610

Auth. admin+ SQL Injection SQLi vulnerability in TransbankDevelopers Transbank Webpay REST plugin = 1.6.6 versions...

CVE-2023-27610 WordPress Transbank Webpay REST Plugin <= 1.6.6 is vulnerable to SQL Injection

Auth. admin+ SQL Injection SQLi vulnerability in TransbankDevelopers Transbank Webpay REST plugin = 1.6.6 versions...

CVE-2023-27610

CVE-2023-27610 affects WordPress Transbank Webpay REST plugin (versions

WordPress Plugin Transbank Webpay REST SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin Transbank...

PT-2023-21248 · Transbank · Transbank Webpay Rest Plugin

Name of the Vulnerable Software and Affected Versions: Transbank Webpay REST plugin versions = 1.6.6 Description: The issue is related to an SQL Injection vulnerability in the Transbank Webpay REST plugin. This allows for unauthorized access and potential data manipulation. Recommendations: For...

WordPress Transbank Webpay REST Plugin <= 1.6.6 is vulnerable to SQL Injection

Software Transbank Webpay REST Type Plugin Vulnerable versions = 1.6.6 Fixed in 1.6.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-27610 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID d271398a2afa Credits Mika Required privilege Administrator...

Transbank Webpay REST < 1.6.7 - Admin+ SQLi

The plugin does not properly sanitise and escape the orderby parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...