WordPress Transbank Webpay plugin < 1.14.0 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability discovered by Mateo Contenla & Matías Schiappacasse in WordPress Plugin Transbank Webpay REST versions 1.14.0...

CVE-2026-6858

The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform Stored XSS attacks against logged in administrator...

CVE-2026-6858 Transbank Webpay < 1.14.0 - Unauthenticated Stored XSS

The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform Stored XSS attacks against logged in administrator...

CVE-2026-6858

The CVE-2026-6858 vulnerability affects the WordPress plugin Transbank Webpay (versions before 1.14.0). It arises from logs not being sanitized/escaped for display, allowing unauthenticated users to perform Stored XSS against logged-in administrators. Remediation: upgrade to version 1.14.0 or lat...

CVE-2026-6858

The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform Stored XSS attacks against logged in administrator...

EUVD-2026-38213

The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform Stored XSS attacks against logged in administrator...

EUVD-2023-31346

Malicious code in bioql PyPI...

Malicious code in webpay-webserviceAPI (npm)

The package webpay-webserviceAPI was found to contain malicious code...

MAL-2025-39038 Malicious code in webpay-webserviceAPI (npm)

The package webpay-webserviceAPI was found to contain malicious code...

CVE-2023-27610

Auth. admin+ SQL Injection SQLi vulnerability in TransbankDevelopers Transbank Webpay REST plugin = 1.6.6 versions...

SchoolPlus 1.0 Insecure Direct Object Reference

============================================================================================================================================= | Title : SchoolPlus v1.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vendor...

Webpay E-Commerce 1.0 Cross Site Scripting

============================================================================================================================================= | Title : Webpay E-Commerce v1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | |...

Webpay E-Commerce 1.0 Insecure Settings

============================================================================================================================================= | Title : Webpay E-Commerce v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0....

Webpay E-Commerce 1.0 SQL Injection

============================================================================================================================================= | Title : Webpay E-Commerce v1.0 SQL Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64...

Webpay E-Commerce 1.0 Directory Traversal

============================================================================================================================================= | Title : Webpay E-Commerce v1.0 Directory traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

AccPack Khanepani 1.0 Arbitrary File Upload

============================================================================================================================================= | Title : AccPack Khanepani v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0...

AccPack Buzz 1.0 Insecure Direct Object Reference

============================================================================================================================================= | Title : AccPack Buzz v1.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vend...

AccPack Buzz 1.0 Arbitrary File Upload

============================================================================================================================================= | Title : AccPack Buzz v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64...

AccPack Cop CMS 1.0 SQL Injection

============================================================================================================================================= | Title : AccPack Cop CMS v1.0 SQL injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64...

SchoolPlus 1.0 Shell Upload

============================================================================================================================================= | Title : SchoolPlus v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64...