CVE-2026-0942

MEDIUM 5.3

Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit <= 5.1.5 - Missing Authorization to Unauthenticated Rede Order Logs Deletion

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

The Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clearOrderLogs() function in all versions up to, and including, 5.1.5. This makes it possible for unauthenticated attackers to delete the Rede Order Logs metadata from all WooCommerce orders.

CWE	CWE-306
Vendor	linknacional
Product	rede itaú for woocommerce — payment pix, credit card and debit
Published	Jan 16, 2026
Last Updated	Apr 8, 2026

Stay Ahead of the Next One

Get instant alerts for linknacional rede itaú for woocommerce — payment pix, credit card and debit

Be the first to know when new medium vulnerabilities affecting linknacional rede itaú for woocommerce — payment pix, credit card and debit are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

linknacional / Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit

0 ≤ 5.1.5

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/4927c060-f2b2-4916-b049-1442bba63e98?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/woo-rede/tags/5.1.2/Includes/LknIntegrationRedeForWoocommerceWcEndpoint.php#L42 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/woo-rede/tags/5.1.2/Includes/LknIntegrationRedeForWoocommerceWcEndpoint.php#L58

Credits

Osvaldo Noe Gonzalez Del Rio