Skip to main content

Conekta Payment Gateway

1 CVEs product

Monthly

CVE-2026-49066 HIGH This Week

Unauthenticated sensitive data exposure in the Conekta Payment Gateway WordPress plugin (versions 6.0.0 and earlier) allows remote attackers to retrieve confidential information without authentication or user interaction. The flaw, tracked by Patchstack and classified as CWE-497 (Exposure of Sensitive System Information), carries a CVSS 7.5 score driven entirely by a high confidentiality impact over the network. No public exploit identified at time of analysis, and the CVE is not present in CISA KEV.

Information Disclosure Conekta Payment Gateway
NVD
CVSS 3.1
7.5
EPSS
0.3%
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated sensitive data exposure in the Conekta Payment Gateway WordPress plugin (versions 6.0.0 and earlier) allows remote attackers to retrieve confidential information without authentication or user interaction. The flaw, tracked by Patchstack and classified as CWE-497 (Exposure of Sensitive System Information), carries a CVSS 7.5 score driven entirely by a high confidentiality impact over the network. No public exploit identified at time of analysis, and the CVE is not present in CISA KEV.

Information Disclosure Conekta Payment Gateway
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy