Skip to main content

Nexi Xpay

1 CVEs product

Monthly

CVE-2026-54810 HIGH This Week

Missing authorization in the Nexi XPay WordPress plugin (versions up to and including 8.3.1) allows remote unauthenticated attackers to exploit incorrectly configured access control security levels, resulting in high impact to availability. Reported by Patchstack with no public exploit identified at time of analysis, the issue stems from broken access control on plugin endpoints used by Italian e-commerce sites integrating Nexi/CartaSi payment processing.

Authentication Bypass Nexi Xpay
NVD
CVSS 3.1
7.5
EPSS
0.2%
EPSS 0% CVSS 7.5
HIGH This Week

Missing authorization in the Nexi XPay WordPress plugin (versions up to and including 8.3.1) allows remote unauthenticated attackers to exploit incorrectly configured access control security levels, resulting in high impact to availability. Reported by Patchstack with no public exploit identified at time of analysis, the issue stems from broken access control on plugin endpoints used by Italian e-commerce sites integrating Nexi/CartaSi payment processing.

Authentication Bypass Nexi Xpay
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy