Sepay Gateway
Monthly
Missing Authorization in the SePay Gateway WordPress plugin (versions through 1.1.20) permits any authenticated low-privileged user to retrieve embedded sensitive data without proper access checks. The flaw is classified under CWE-862 and carries a CVSS confidentiality impact of High, meaning payment or configuration secrets stored within the plugin can be exposed to unauthorized parties. No public exploit has been identified at time of analysis, and CISA SSVC rates exploitation as none with non-automatable risk, indicating limited active threat at present.
Missing Authorization in the SePay Gateway WordPress plugin (versions through 1.1.20) permits any authenticated low-privileged user to retrieve embedded sensitive data without proper access checks. The flaw is classified under CWE-862 and carries a CVSS confidentiality impact of High, meaning payment or configuration secrets stored within the plugin can be exposed to unauthorized parties. No public exploit has been identified at time of analysis, and CISA SSVC rates exploitation as none with non-automatable risk, indicating limited active threat at present.