CVE-2026-6858

Name of the Vulnerable Software and Affected Versions Transbank Webpay WordPress plugin versions prior to 1.14.0

Description The plugin fails to sanitize and escape logs before they are displayed. This allows unauthenticated users to execute Stored Cross-Site Scripting (XSS) attacks, which is a technique where malicious scripts are permanently stored on the target server, against logged-in administrators.

Recommendations Update to version 1.14.0 or later.