CVE-2026-6858
Transbank Webpay < 1.14.0 - Unauthenticated Stored XSS
CVSS Score
7.1
EPSS Score
0.0%
EPSS Percentile
0th
The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform Stored XSS attacks against logged in administrator
| Vendor | unknown |
| Product | transbank webpay |
| Published | Jun 22, 2026 |
| Last Updated | Jun 22, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown transbank webpay
Be the first to know when new high vulnerabilities affecting unknown transbank webpay are published β delivered to Slack, Telegram or Discord.
Get Free Alerts β
Free Β· No credit card Β· 60 sec setup
Affected Versions
Unknown / Transbank Webpay
0 < 1.14.0
References
Credits
Mateo Contenla & MatΓas Schiappacasse WPScan