HIGH
Transbank
CVE published 2026-06-22
CVE-2026-6858
CVE-2026-6858 is a Stored XSS vulnerability in the Transbank Webpay WordPress plugin before 1.14.0. The plugin fails to sanitize and escape logs for display, allowing unauthenticated users to perform Stored XSS attacks against logged-in administrators. This issue has a potential impact on WordPress sites using the affected plugin version. The vulnerability's CVSS score and severity are not provided. Defen [truncated]