Rede Itaú for WooCommerce — Payment PIX, Credit Card and...

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Description

The Rede Itaú for WooCommerce plugin for WordPress is vulnerable to order status manipulation due to insufficient verification of data authenticity in all versions up to, and including, 5.1.2. This is due to the plugin failing to verify the authenticity of payment callbacks. This makes it possible for unauthenticated attackers to manipulate WooCommerce order statuses, either marking unpaid orders as paid, or failed.

Basic Information

ID CVE-2026-0939

Source Wordfence

Published Jan 16, 2026 at 06:43

Affected Product

Vendor linknacional

Product Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit

Version *

Affected Versions linknacional Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit *

CWE Classification

CWE-345

References

{
    "lastseen": "",
    "description": "The Rede Ita\u00fa for WooCommerce plugin for WordPress is vulnerable to order status manipulation due to insufficient verification of data authenticity in all versions up to, and including, 5.1.2. This is due to the plugin failing to verify the authenticity of payment callbacks. This makes it possible for unauthenticated attackers to manipulate WooCommerce order statuses, either marking unpaid orders as paid, or failed.",
    "published": "2026-01-16T06:43:20.971Z",
    "modified": "2026-01-16T06:43:20.971Z",
    "type": "cve",
    "title": "Rede Ita\u00fa for WooCommerce \u2014 Payment PIX, Credit Card and Debit <= 5.1.2 - Unauthenticated Order Status Manipulation",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/722c666b-913f-4289-82e6-30aa0a3abc2b?source=cve\nhttps://plugins.trac.wordpress.org/browser/woo-rede/tags/5.1.2/Includes/LknIntegrationRedeForWoocommerceWcEndpoint.php#L45\nhttps://plugins.trac.wordpress.org/browser/woo-rede/tags/5.1.2/Includes/LknIntegrationRedeForWoocommerceWcEndpoint.php#L460\nhttps://plugins.trac.wordpress.org/browser/woo-rede/tags/5.1.2/Includes/LknIntegrationRedeForWoocommerceWcEndpoint.php#L710",
    "id": "CVE-2026-0939",
    "bulletinFamily": "",
    "cwe": [
        "CWE-345"
    ],
    "cvelist": null,
    "sourceData": "linknacional Rede Ita\u00fa for WooCommerce \u2014 Payment PIX, Credit Card and Debit *",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Rede Ita\u00fa for WooCommerce \u2014 Payment PIX, Credit Card and Debit",
    "version": "*",
    "vendor": "linknacional",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit <= 5.1.2 - Unauthenticated Order Status Manipulation_CVE-2026-0939