{"id":35995,"date":"2026-01-16T01:19:59","date_gmt":"2026-01-16T01:19:59","guid":{"rendered":"http:\/\/localhost\/?p=35995"},"modified":"2026-01-16T01:19:59","modified_gmt":"2026-01-16T01:19:59","slug":"rede-ita-for-woocommerce-payment-pix-credit-card-and-debit-512-unauthenticated-order-status-manipula","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=35995","title":{"rendered":"Rede Ita\u00fa for WooCommerce \u2014 Payment PIX, Credit Card and Debit <= 5.1.2 - Unauthenticated Order Status Manipulation_CVE-2026-0939"},"content":{"rendered":"

{“lastseen”:””,”description”:”The Rede Ita\u00fa for WooCommerce plugin for WordPress is vulnerable to order status manipulation due to insufficient verification of data authenticity in all versions up to, and including, 5.1.2. This is due to the plugin failing to verify the authenticity of payment callbacks. This makes it possible for unauthenticated attackers to manipulate WooCommerce order statuses, either marking unpaid orders as paid, or failed.”,”published”:”2026-01-16T06:43:20.971Z”,”modified”:”2026-01-16T06:43:20.971Z”,”type”:”cve”,”title”:”Rede Ita\u00fa for WooCommerce \u2014 Payment PIX, Credit Card and Debit \\u003c= 5.1.2 – Unauthenticated Order Status Manipulation”,”source”:”Wordfence”,”references”:”https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/722c666b-913f-4289-82e6-30aa0a3abc2b?source=cve\\nhttps:\/\/plugins.trac.wordpress.org\/browser\/woo-rede\/tags\/5.1.2\/Includes\/LknIntegrationRedeForWoocommerceWcEndpoint.php#L45\\nhttps:\/\/plugins.trac.wordpress.org\/browser\/woo-rede\/tags\/5.1.2\/Includes\/LknIntegrationRedeForWoocommerceWcEndpoint.php#L460\\nhttps:\/\/plugins.trac.wordpress.org\/browser\/woo-rede\/tags\/5.1.2\/Includes\/LknIntegrationRedeForWoocommerceWcEndpoint.php#L710″,”id”:”CVE-2026-0939″,”bulletinFamily”:””,”cwe”:[“CWE-345″],”cvelist”:null,”sourceData”:”linknacional Rede Ita\u00fa for WooCommerce \u2014 Payment PIX, Credit Card and Debit *”,”sourceHref”:””,”cvss”:{“score”:5.3,”severity”:”MEDIUM”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:L\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”Rede Ita\u00fa for WooCommerce \u2014 Payment PIX, Credit Card and Debit”,”version”:”*”,”vendor”:”linknacional”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:””,”description”:”The Rede Ita\u00fa for WooCommerce plugin for WordPress is vulnerable to order status manipulation due to insufficient verification of data authenticity in all versions up…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,22,12,21,13,7,11,5],"class_list":["post-35995","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-53","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\nRede Ita\u00fa for WooCommerce \u2014 Payment PIX, Credit Card and Debit<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=35995\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Rede Ita\u00fa for WooCommerce \u2014 Payment PIX, Credit Card and Debit\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:””,”description”:”The Rede Ita\u00fa for WooCommerce plugin for WordPress is vulnerable to order status manipulation due to insufficient verification of data authenticity in all versions up...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=35995\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-16T01:19:59+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=35995#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=35995\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Rede Ita\u00fa for WooCommerce \u2014 Payment PIX, Credit Card and Debit\",\"datePublished\":\"2026-01-16T01:19:59+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=35995\"},\"wordCount\":10,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-5.3\",\"exploit\",\"MEDIUM\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_cve\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=35995#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=35995\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=35995\",\"name\":\"Rede Ita\u00fa for WooCommerce \u2014 Payment PIX, Credit Card and Debit\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-01-16T01:19:59+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=35995#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=35995\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=35995#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Rede Ita\u00fa for WooCommerce \u2014 Payment PIX, Credit Card and Debit\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Rede Ita\u00fa for WooCommerce \u2014 Payment PIX, Credit Card and Debit","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=35995","og_locale":"en_US","og_type":"article","og_title":"Rede Ita\u00fa for WooCommerce \u2014 Payment PIX, Credit Card and Debit","og_description":"{“lastseen”:””,”description”:”The Rede Ita\u00fa for WooCommerce plugin for WordPress is vulnerable to order status manipulation due to insufficient verification of data authenticity in all versions up...","og_url":"https:\/\/zero.redgem.net\/?p=35995","og_site_name":"zero redgem","article_published_time":"2026-01-16T01:19:59+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=35995#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=35995"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Rede Ita\u00fa for WooCommerce \u2014 Payment PIX, Credit Card and Debit","datePublished":"2026-01-16T01:19:59+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=35995"},"wordCount":10,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-5.3","exploit","MEDIUM","news","Security","tapic","Vulnerability"],"articleSection":["category_cve"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=35995#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=35995","url":"https:\/\/zero.redgem.net\/?p=35995","name":"Rede Ita\u00fa for WooCommerce \u2014 Payment PIX, Credit Card and Debit","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-01-16T01:19:59+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=35995#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=35995"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=35995#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Rede Ita\u00fa for WooCommerce \u2014 Payment PIX, Credit Card and Debit"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/35995","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=35995"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/35995\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=35995"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=35995"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=35995"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}