MEDIUM
SePay team
CVE published 2026-05-25
CVE-2026-42763
A Missing Authorization vulnerability in the SePay Gateway WordPress plugin allows authenticated attackers with low privileges to retrieve embedded sensitive data. The vulnerability exists in versions up to and including 1.1.20. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) indicates network attack vector, low attack complexity, low privileges required, no user interaction, and high confidenti [truncated]