PatchSiren

evertec CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM evertec CVE published 2026-07-17

CVE-2026-11324

The WooCommerce Placetopay Gateway and PlacetoPay/AvalPay gateway plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the 'redirect-url' parameter in versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This vulnerability has a CVSS score of 6.1 and is considered Medium severity. Users of these plugins should be aware of this vulnerability [truncated]