Wava Payment

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-39609 MEDIUM This Month

Wava Payment plugin for WordPress versions 0.3.7 and earlier allows unauthenticated remote attackers to access sensitive information through missing authorization controls on API endpoints. The vulnerability enables attackers to read confidential data by exploiting improperly configured access control levels without requiring authentication or user interaction. EPSS exploitation probability is minimal at 0.02%, but the ability to leak information without authentication warrants attention for WordPress sites using this payment plugin.

Authentication Bypass Wava Payment

NVD

CVSS 3.1

5.3

EPSS

0.0%

CVE-2026-39609

EPSS 0% CVSS 5.3

MEDIUM This Month

Wava Payment plugin for WordPress versions 0.3.7 and earlier allows unauthenticated remote attackers to access sensitive information through missing authorization controls on API endpoints. The vulnerability enables attackers to read confidential data by exploiting improperly configured access control levels without requiring authentication or user interaction. EPSS exploitation probability is minimal at 0.02%, but the ability to leak information without authentication warrants attention for WordPress sites using this payment plugin.

Authentication Bypass Wava Payment

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy