Headline
CVE-2023-27610: WordPress Transbank Webpay REST plugin <= 1.6.7 - Auth. SQL Injection (SQLi) vulnerability - Patchstack
Auth. (admin+) SQL Injection (SQLi) vulnerability in TransbankDevelopers Transbank Webpay REST plugin <= 1.6.6 versions.
Solution
Update the WordPress Transbank Webpay REST plugin to the latest available version (at least 1.6.7).
Found this useful? Thank Mika for reporting this vulnerability. Buy a coffee ☕
Mika discovered and reported this SQL Injection vulnerability in WordPress Transbank Webpay REST Plugin. This could allow a malicious actor to directly interact with your database, including but not limited to stealing information. This vulnerability has been fixed in version 1.6.7.
No other known vulnerabilities for this pluginReport
Report to Patchstack Alliance bounty platform and earn monthly cash prizes.
Learn more