{"api_version":"1","generated_at":"2026-04-11T08:44:52+00:00","cve":"CVE-2026-0942","urls":{"html":"https://cve.report/CVE-2026-0942","api":"https://cve.report/api/cve/CVE-2026-0942.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-0942","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-0942"},"summary":{"title":"Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit <= 5.1.5 - Missing Authorization to Unauthenticated Rede Order Logs Deletion","description":"The Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clearOrderLogs() function in all versions up to, and including, 5.1.5. This makes it possible for unauthenticated attackers to delete the Rede Order Logs metadata from all WooCommerce orders.","state":"PUBLISHED","assigner":"Wordfence","published_at":"2026-01-16 07:15:57","updated_at":"2026-04-08 18:25:39"},"problem_types":["CWE-306","CWE-306 CWE-306 Missing Authentication for Critical Function"],"metrics":[{"version":"3.1","source":"security@wordfence.com","type":"Secondary","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","data":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","version":"3.1"}}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/woo-rede/tags/5.1.2/Includes/LknIntegrationRedeForWoocommerceWcEndpoint.php#L58","name":"https://plugins.trac.wordpress.org/browser/woo-rede/tags/5.1.2/Includes/LknIntegrationRedeForWoocommerceWcEndpoint.php#L58","refsource":"security@wordfence.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/woo-rede/tags/5.1.2/Includes/LknIntegrationRedeForWoocommerceWcEndpoint.php#L42","name":"https://plugins.trac.wordpress.org/browser/woo-rede/tags/5.1.2/Includes/LknIntegrationRedeForWoocommerceWcEndpoint.php#L42","refsource":"security@wordfence.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4927c060-f2b2-4916-b049-1442bba63e98?source=cve","name":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4927c060-f2b2-4916-b049-1442bba63e98?source=cve","refsource":"security@wordfence.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-0942","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0942","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"linknacional","product":"Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit","version":"affected 5.1.5 semver","platforms":[]}],"timeline":[{"source":"CNA","time":"2026-01-01T00:00:00.000Z","lang":"en","value":"Discovered"},{"source":"CNA","time":"2026-01-28T17:25:46.000Z","lang":"en","value":"Vendor Notified"},{"source":"CNA","time":"2026-01-15T18:31:18.000Z","lang":"en","value":"Disclosed"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Osvaldo Noe Gonzalez Del Rio","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"942","cve":"CVE-2026-0942","epss":"0.000300000","percentile":"0.086920000","score_date":"2026-04-08","updated_at":"2026-04-09 00:05:10"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-0942","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-01-16T13:58:38.603695Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-01-16T13:58:49.102Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit","vendor":"linknacional","versions":[{"lessThanOrEqual":"5.1.5","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Osvaldo Noe Gonzalez Del Rio"}],"descriptions":[{"lang":"en","value":"The Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clearOrderLogs() function in all versions up to, and including, 5.1.5. This makes it possible for unauthenticated attackers to delete the Rede Order Logs metadata from all WooCommerce orders."}],"metrics":[{"cvssV3_1":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-306","description":"CWE-306 Missing Authentication for Critical Function","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-08T16:50:25.135Z","orgId":"b15e7b5b-3da4-40ae-a43c-f7aa60e62599","shortName":"Wordfence"},"references":[{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4927c060-f2b2-4916-b049-1442bba63e98?source=cve"},{"url":"https://plugins.trac.wordpress.org/browser/woo-rede/tags/5.1.2/Includes/LknIntegrationRedeForWoocommerceWcEndpoint.php#L42"},{"url":"https://plugins.trac.wordpress.org/browser/woo-rede/tags/5.1.2/Includes/LknIntegrationRedeForWoocommerceWcEndpoint.php#L58"}],"timeline":[{"lang":"en","time":"2026-01-01T00:00:00.000Z","value":"Discovered"},{"lang":"en","time":"2026-01-28T17:25:46.000Z","value":"Vendor Notified"},{"lang":"en","time":"2026-01-15T18:31:18.000Z","value":"Disclosed"}],"title":"Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit <= 5.1.5 - Missing Authorization to Unauthenticated Rede Order Logs Deletion"}},"cveMetadata":{"assignerOrgId":"b15e7b5b-3da4-40ae-a43c-f7aa60e62599","assignerShortName":"Wordfence","cveId":"CVE-2026-0942","datePublished":"2026-01-16T06:43:20.555Z","dateReserved":"2026-01-14T15:02:25.916Z","dateUpdated":"2026-04-08T16:50:25.135Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-01-16 07:15:57","lastModifiedDate":"2026-04-08 18:25:39","problem_types":["CWE-306","CWE-306 CWE-306 Missing Authentication for Critical Function"],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"942","Ordinal":"1","Title":"Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit <","CVE":"CVE-2026-0942","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"942","Ordinal":"1","NoteData":"The Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clearOrderLogs() function in all versions up to, and including, 5.1.5. This makes it possible for unauthenticated attackers to delete the Rede Order Logs metadata from all WooCommerce orders.","Type":"Description","Title":"Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit <"}]}}}