PT-2026-3226 · Unknown+1 · Woocommerce+1
Published: 2026-01-16 · Updated: 2026-01-16
CVE-2026-0939
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Rede Itaú for WooCommerce plugin for WordPress versions up to and including 5.1.2
Description
The Rede Itaú for WooCommerce plugin for WordPress has a flaw related to insufficient verification of payment callback data. This allows unauthenticated attackers to manipulate WooCommerce order statuses, potentially marking unpaid orders as paid or failed. The issue stems from the plugin's failure to confirm the authenticity of payment callbacks.
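One way to authenticate a payment callback before it is allowed to change order state, as an added example that is not the plugin's code or its fix. It assumes a hypothetical gateway that signs `<timestamp>.<raw body>` with HMAC-SHA256 under a shared secret; the function name, field names and sample values are constructed for illustration.

```php
<?php
// Added example, not the plugin's code. Assumption: the gateway sends a
// timestamp and an HMAC-SHA256 signature of "<timestamp>.<raw body>".
const MAX_SKEW_SECONDS = 300;

/**
 * Returns the new order status, or null when the callback must be rejected.
 * $order is a constructed stand-in for the stored WooCommerce order.
 */
function verify_payment_callback(string $rawBody, string $timestamp, string $signature,
                                 string $secret, array $order, int $now): ?string
{
    // 1. Reject stale or future-dated callbacks to limit replay.
    if (!ctype_digit($timestamp) || abs($now - (int) $timestamp) > MAX_SKEW_SECONDS) {
        return null;
    }
    // 2. Authenticate the exact bytes received, compared in constant time.
    $expected = hash_hmac('sha256', $timestamp . '.' . $rawBody, $secret);
    if (!hash_equals($expected, $signature)) {
        return null;
    }
    // 3. Parse only after authentication, then bind the body to the stored order.
    $data = json_decode($rawBody, true);
    if (!is_array($data) || !isset($data['order_id'], $data['amount'], $data['status'])) {
        return null;
    }
    if ($data['order_id'] !== $order['id'] || $data['amount'] !== $order['total_cents']) {
        return null;
    }
    // 4. Permit only the pending -> paid/failed transitions.
    if ($order['status'] !== 'pending' || !in_array($data['status'], ['paid', 'failed'], true)) {
        return null;
    }
    return $data['status'];
}

// Constructed sample data.
$secret = 'constructed-demo-secret';
$order  = ['id' => 1001, 'total_cents' => 4990, 'status' => 'pending'];
$body   = '{"order_id":1001,"amount":4990,"status":"paid"}';
$now    = 1768521600;
$ts     = (string) $now;
$sig    = hash_hmac('sha256', $ts . '.' . $body, $secret);

var_dump(verify_payment_callback($body, $ts, $sig, $secret, $order, $now));                // correctly signed
var_dump(verify_payment_callback($body, $ts, str_repeat('0', 64), $secret, $order, $now)); // bad signature
```

Where a gateway does not sign its callbacks, the equivalent check is a server-to-server status lookup for the referenced transaction before the order is updated.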
Recommendations
Update the Rede Itaú for WooCommerce plugin to a version later than 5.1.2.
Fix
Weakness Enumeration
Insufficient Verification of Data Authenticity
Affected Products
Rede Itaú For Woocommerce
Woocommerce