vulnerability

WordPress Plugin: woo-rede: CVE-2026-0942: Missing Authentication for Critical Function

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	Jan 15, 2026	Jan 30, 2026	Jan 30, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Jan 15, 2026

Added

Jan 30, 2026

Modified

Jan 30, 2026

Description

The Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clearOrderLogs() function in all versions up to, and including, 5.1.5. This makes it possible for unauthenticated attackers to delete the Rede Order Logs metadata from all WooCommerce orders.

Solution

woo-rede-plugin-cve-2026-0942

References

URL-https://www.cve.org/CVERecord?id=CVE-2026-0942
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/4927c060-f2b2-4916-b049-1442bba63e98?source=api-prod
CVE-2026-0942
https://attackerkb.com/topics/CVE-2026-0942
CWE-306

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today