Nexi Xpay
Monthly
Missing authorization in the Nexi XPay WordPress plugin (versions up to and including 8.3.1) allows remote unauthenticated attackers to exploit incorrectly configured access control security levels, resulting in high impact to availability. Reported by Patchstack with no public exploit identified at time of analysis, the issue stems from broken access control on plugin endpoints used by Italian e-commerce sites integrating Nexi/CartaSi payment processing.
Missing authorization in the Nexi XPay WordPress plugin (versions up to and including 8.3.1) allows remote unauthenticated attackers to exploit incorrectly configured access control security levels, resulting in high impact to availability. Reported by Patchstack with no public exploit identified at time of analysis, the issue stems from broken access control on plugin endpoints used by Italian e-commerce sites integrating Nexi/CartaSi payment processing.