Transbank Webpay < 1.14.0 - Unauthenticated Stored XSS_CVE-2026-6858

7.1 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Description

The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform Stored XSS attacks against logged in administrator

Basic Information

ID CVE-2026-6858

Source WPScan

Published Jun 22, 2026 at 06:00

Modified Jun 22, 2026 at 12:55

Affected Product

Vendor Unknown

Product Transbank Webpay

Affected Versions Unknown Transbank Webpay 0

CWE Classification

CWE-79

References

wpscan.com /vulnerability/81035d75-81a5-486a-a9fb-b0d1e0befe3c/

{
    "lastseen": "",
    "description": "The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform Stored XSS attacks against logged in administrator",
    "published": "2026-06-22T06:00:02.096Z",
    "modified": "2026-06-22T12:55:51.401Z",
    "type": "cve",
    "title": "Transbank Webpay < 1.14.0 - Unauthenticated Stored XSS",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/81035d75-81a5-486a-a9fb-b0d1e0befe3c/",
    "id": "CVE-2026-6858",
    "bulletinFamily": "",
    "cwe": [
        "",
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Unknown Transbank Webpay 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Transbank Webpay",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}