Knit Pay
Monthly
Unauthenticated broken access control in the Knit Pay WordPress plugin versions 9.4.0.0 and earlier allows remote attackers to modify integrity-sensitive data without any authentication or user interaction. The flaw is rooted in missing authorization checks (CWE-862) on plugin endpoints, and while no public exploit identified at time of analysis, the network-reachable nature and zero prerequisites make it attractive for opportunistic abuse against WordPress sites running this payment plugin.
Unauthenticated broken access control in the Knit Pay WordPress plugin versions 9.4.0.0 and earlier allows remote attackers to modify integrity-sensitive data without any authentication or user interaction. The flaw is rooted in missing authorization checks (CWE-862) on plugin endpoints, and while no public exploit identified at time of analysis, the network-reachable nature and zero prerequisites make it attractive for opportunistic abuse against WordPress sites running this payment plugin.