CVE-2026-6858
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
22/06/2026
Last modified:
22/06/2026
Description
The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform Stored XSS attacks against logged in administrator
Impact
Base Score 3.x
7.10
Severity 3.x
HIGH



