Conekta Payment Gateway
Monthly
Unauthenticated sensitive data exposure in the Conekta Payment Gateway WordPress plugin (versions 6.0.0 and earlier) allows remote attackers to retrieve confidential information without authentication or user interaction. The flaw, tracked by Patchstack and classified as CWE-497 (Exposure of Sensitive System Information), carries a CVSS 7.5 score driven entirely by a high confidentiality impact over the network. No public exploit identified at time of analysis, and the CVE is not present in CISA KEV.
Unauthenticated sensitive data exposure in the Conekta Payment Gateway WordPress plugin (versions 6.0.0 and earlier) allows remote attackers to retrieve confidential information without authentication or user interaction. The flaw, tracked by Patchstack and classified as CWE-497 (Exposure of Sensitive System Information), carries a CVSS 7.5 score driven entirely by a high confidentiality impact over the network. No public exploit identified at time of analysis, and the CVE is not present in CISA KEV.