Skip to main content

Knit Pay

1 CVEs product

Monthly

CVE-2026-49070 HIGH This Week

Unauthenticated broken access control in the Knit Pay WordPress plugin versions 9.4.0.0 and earlier allows remote attackers to modify integrity-sensitive data without any authentication or user interaction. The flaw is rooted in missing authorization checks (CWE-862) on plugin endpoints, and while no public exploit identified at time of analysis, the network-reachable nature and zero prerequisites make it attractive for opportunistic abuse against WordPress sites running this payment plugin.

Authentication Bypass Knit Pay
NVD
CVSS 3.1
7.5
EPSS
0.2%
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated broken access control in the Knit Pay WordPress plugin versions 9.4.0.0 and earlier allows remote attackers to modify integrity-sensitive data without any authentication or user interaction. The flaw is rooted in missing authorization checks (CWE-862) on plugin endpoints, and while no public exploit identified at time of analysis, the network-reachable nature and zero prerequisites make it attractive for opportunistic abuse against WordPress sites running this payment plugin.

Authentication Bypass Knit Pay
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy