CVE-2026-0942

5.3 MEDIUM

📋 TL;DR

This vulnerability allows unauthenticated attackers to delete payment metadata logs from all WooCommerce orders using the Rede Itaú plugin. Any WordPress site running the vulnerable plugin version is affected, potentially disrupting payment reconciliation and audit trails.

💻 Affected Systems

Products:
  • Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit plugin
Versions: All versions up to and including 5.1.2
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress sites with WooCommerce and the vulnerable Rede Itaú plugin installed and activated.

⚠️ Manual Verification Required

Automated scanners that key off the NVD record may not be able to tell whether your site is affected, because the NVD entry for this CVE does not carry machine-readable version ranges. The affected range (5.1.2 and earlier) and the fixed release (5.1.3) listed on this page come from the vendor's plugin repository, so verify the installed version by hand rather than trusting a scanner that reports "not applicable".

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check the vendor's changelog and the 5.1.3 tag in the WordPress plugin repository against your installed version
  3. Confirm the installed plugin version directly (see "How to Verify" below); do not probe the endpoint on a production site, since a successful probe deletes the logs
  4. Update to 5.1.3 or later; if you cannot, apply one of the workarounds below

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete loss of payment transaction logs for all orders, making financial reconciliation impossible and potentially hiding fraudulent activity.

🟠 Likely Case

Partial deletion of payment metadata causing operational disruption for merchants trying to reconcile payments and investigate transactions.

🟢 If Mitigated

No impact if the plugin is patched or proper access controls prevent unauthorized API calls.

🌐 Internet-Facing: HIGH - The vulnerability is exploitable by unauthenticated attackers over the internet via WordPress endpoints.
🏢 Internal Only: LOW - A storefront reachable only from an internal network narrows the attacker pool to hosts on that network, but because the endpoint needs no authentication, any such host (or any compromised internal machine) can still trigger the deletion.

🎯 Exploit Status

Public PoC: No
Weaponized: LIKELY (no public PoC observed, but the request is trivial to reproduce from the route name alone)
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is simple to exploit: a single unauthenticated POST to the plugin's clear-order-logs REST route (path given in the workaround section below) triggers the deletion, and the deleted metadata cannot be recovered except from backups.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.1.3 or later

Vendor Advisory: https://plugins.trac.wordpress.org/browser/woo-rede/tags/5.1.3/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Rede Itaú for WooCommerce'.
4. Click 'Update Now' if available, or download version 5.1.3 or later from the WordPress plugin repository.
5. Activate the updated plugin.
6. Confirm the installed version (wp plugin get woo-rede --field=version should report 5.1.3 or later).

Updating closes the endpoint to unauthenticated callers but does not bring back order logs that were already deleted; restore those from a database backup taken before the attack.

🔧 Temporary Workarounds

Disable vulnerable endpoint via .htaccess (Apache only)

Block the REST route that triggers the clearOrderLogs function. Two details matter for the rule to actually hold: WordPress serves every REST route both as a pretty-permalink path (/wp-json/...) and as a query-string form (/?rest_route=/...), so a rule that only inspects REQUEST_URI is bypassed by the second form; and WordPress strips a trailing slash before routing, so the pattern must not be anchored at the end of the path. Place the block above the "# BEGIN WordPress" section so it is evaluated before WordPress's own rewrite to index.php. nginx does not read .htaccess; apply the same two conditions in the server block instead.

# Add to .htaccess in the WordPress root directory, above the "# BEGIN WordPress" block
<IfModule mod_rewrite.c>
RewriteEngine On
# Pretty-permalink form; not anchored at the start, so subdirectory installs match too
RewriteCond %{REQUEST_URI} /wp-json/lkn-integration-rede-for-woocommerce/v1/clear-order-logs [NC,OR]
# Query-string form: /?rest_route=/lkn-integration-rede-for-woocommerce/v1/clear-order-logs (raw or %2F-encoded slashes)
RewriteCond %{QUERY_STRING} rest_route=(/|%2F)lkn-integration-rede-for-woocommerce(/|%2F)v1(/|%2F)clear-order-logs [NC]
RewriteRule .* - [F,L]
</IfModule>

Deactivate plugin temporarily

Temporarily disable the vulnerable plugin until it is patched. This also removes the Rede Itaú payment methods (PIX, credit and debit card) from checkout, so customers cannot pay through this gateway until the plugin is reactivated.

wp plugin deactivate woo-rede

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules that block requests to /wp-json/lkn-integration-rede-for-woocommerce/v1/clear-order-logs and to the rest_route= query-string form of the same route (with and without a trailing slash)
  • Restrict access to this plugin's REST namespace (lkn-integration-rede-for-woocommerce/v1) by IP allowlisting or an authenticating reverse proxy; avoid a blanket restriction on /wp-json/, which breaks the block editor and other WordPress features that depend on the REST API
  • Keep recent database backups of order data so deleted payment logs can be restored if the endpoint is hit before you can patch

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for 'Rede Itaú for WooCommerce' version 5.1.2 or earlier.

Check Version:

wp plugin get woo-rede --field=version

Verify Fix Applied:

Confirm the plugin version is 5.1.3 or later in the WordPress admin panel (or with the wp-cli command above). If you also want to probe the endpoint itself, do it only on a staging copy or after the update is confirmed: against an unpatched site the probe is the attack and deletes the order logs. Once patched, an unauthenticated POST to /wp-json/lkn-integration-rede-for-woocommerce/v1/clear-order-logs should be rejected with an HTTP 401 or 403 error rather than answered with 200.
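A non-destructive remote check, added here as an example and not part of the original advisory or of the plugin. Instead of calling the clear-order-logs route (which would delete the logs on an unpatched site) it reads the plugin's public readme.txt, which WordPress.org plugins ship under wp-content/plugins/<slug>/ with a "Stable tag: x.y.z" line, and compares that version with the fixed release. It assumes the slug woo-rede (taken from the vendor advisory URL above) and that readme.txt is web-readable on the target; cross-check with wp plugin get where you have shell access.

```python
#!/usr/bin/env python3
"""Non-destructive remote version check for CVE-2026-0942 (added example).

Does NOT touch the clear-order-logs route: on an unpatched site that request
is the attack. Reads wp-content/plugins/woo-rede/readme.txt instead.
Assumptions: plugin slug "woo-rede" (from the vendor advisory URL) and a
web-readable readme.txt. Run only against hosts you are authorised to test.
"""
import re
import sys
import urllib.request

PLUGIN_SLUG = "woo-rede"            # assumption: slug from the trac advisory URL
FIXED_VERSION = "5.1.3"             # first fixed release per the advisory
LAST_VULNERABLE = "5.1.2"           # "all versions up to and including 5.1.2"


def parse_version(text: str) -> tuple:
    """'5.1.2' -> (5, 1, 2); '5.1.3-beta' -> (5, 1, 3); 'trunk' -> ()."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def parse_stable_tag(readme: str):
    """Extract the 'Stable tag:' value from a WordPress plugin readme.txt, or None."""
    m = re.search(r"^\s*Stable tag:\s*([\w.\-]+)", readme, re.IGNORECASE | re.MULTILINE)
    return m.group(1) if m else None


def is_vulnerable(version: str):
    """True if version <= 5.1.2, False if newer, None if the string is not a version."""
    v = parse_version(version)
    if not v:
        return None
    return v <= parse_version(LAST_VULNERABLE)


def check_site(base_url: str) -> dict:
    """Fetch the readme over the network and classify the site."""
    url = base_url.rstrip("/") + f"/wp-content/plugins/{PLUGIN_SLUG}/readme.txt"
    req = urllib.request.Request(url, headers={"User-Agent": "cve-2026-0942-version-check"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            readme = resp.read().decode("utf-8", "replace")
    except Exception as exc:  # 404: plugin absent or readme blocked; treat as unknown
        return {"url": url, "version": None, "status": f"unknown ({exc})"}
    version = parse_stable_tag(readme)
    verdict = is_vulnerable(version) if version else None
    if verdict is None:
        return {"url": url, "version": version, "status": "unknown (no parsable Stable tag)"}
    return {"url": url, "version": version,
            "status": "VULNERABLE (update to %s)" % FIXED_VERSION if verdict else "patched"}


if __name__ == "__main__":
    # Usage: python3 check.py https://shop.example https://other.example
    for site in sys.argv[1:] or ["https://shop.example"]:
        print(check_site(site))
```

The readme check is a fingerprint, not proof: a hardened host may block readme.txt, and a site that was patched by editing files rather than by a normal update may still ship the old readme. Treat "unknown" as "verify locally".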

📡 Detection & Monitoring

Log Indicators:

  • HTTP 200 responses to POST /wp-json/lkn-integration-rede-for-woocommerce/v1/clear-order-logs, or to its query-string form /?rest_route=/lkn-integration-rede-for-woocommerce/v1/clear-order-logs, from clients that are not logged-in administrators
  • Sudden absence of 'rede_order_logs' metadata in WooCommerce order records

Network Indicators:

  • Unusual volume of requests to WordPress REST API endpoints from unauthenticated sources
  • POST requests to the clear-order-logs route without a WordPress login cookie or X-WP-Nonce header (cookie authentication for the REST API requires both)

SIEM Query:

Web server access logs do not record whether the WordPress session was authenticated, so match on route, method and status and treat every hit as suspect until it is correlated with an administrator session. Field names below follow the original query's convention and will differ by log source.

source="wordpress.log" http_method=POST (uri_path="/wp-json/lkn-integration-rede-for-woocommerce/v1/clear-order-logs*" OR uri_query="*rest_route=*lkn-integration-rede-for-woocommerce*clear-order-logs*") http_status=200
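The same indicator as standalone detection logic, added here as an example that is not part of the original advisory. It parses Apache/nginx "combined" access-log lines and flags successful POSTs to the clear-order-logs route in either addressing form (pretty permalink, with or without a trailing slash and under a subdirectory install, or rest_route= with raw or percent-encoded slashes). The four log lines embedded below are constructed for the example; the addresses and timestamps are made up.

```python
#!/usr/bin/env python3
"""Flag CVE-2026-0942 route hits in web-server access logs (added example)."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# The REST route relative to the wp-json prefix (from the advisory's workaround section)
ROUTE = "/lkn-integration-rede-for-woocommerce/v1/clear-order-logs"

# Apache/nginx "combined" log format
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def rest_route(target: str):
    """Return the WordPress REST route addressed by a request target, or None.

    Handles /wp-json/<route> (also under a subdirectory install) and
    /?rest_route=<route>; strips the trailing slash WordPress ignores.
    """
    parts = urlsplit(target)
    path = unquote(parts.path).rstrip("/")
    if "/wp-json/" in path:
        return path.split("/wp-json", 1)[1]  # keeps the leading slash
    query = parse_qs(parts.query)
    if "rest_route" in query:
        return unquote(query["rest_route"][0]).rstrip("/")
    return None


def parse_line(line: str):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    return entry


def is_clear_logs_hit(entry: dict) -> bool:
    """True for a successful (200) POST to the vulnerable route, any addressing form."""
    return (entry["method"].upper() == "POST"
            and rest_route(entry["target"]) == ROUTE
            and entry["status"] == 200)


def scan(lines):
    """Yield the parsed entries that match the indicator."""
    for line in lines:
        entry = parse_line(line)
        if entry and is_clear_logs_hit(entry):
            yield entry


# Constructed sample: two successful hits from one client, one rejected (401) probe,
# and one unrelated REST call.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2026:03:14:07 +0000] "POST /wp-json/lkn-integration-rede-for-woocommerce/v1/clear-order-logs HTTP/1.1" 200 17 "-" "python-requests/2.31"
203.0.113.7 - - [10/Jan/2026:03:14:09 +0000] "POST /?rest_route=%2Flkn-integration-rede-for-woocommerce%2Fv1%2Fclear-order-logs HTTP/1.1" 200 17 "-" "python-requests/2.31"
198.51.100.4 - - [10/Jan/2026:03:15:00 +0000] "POST /wp-json/lkn-integration-rede-for-woocommerce/v1/clear-order-logs/ HTTP/1.1" 401 93 "-" "curl/8.4.0"
192.0.2.9 - - [10/Jan/2026:03:16:30 +0000] "GET /wp-json/wc/v3/orders HTTP/1.1" 200 4123 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    import sys
    # Usage: python3 detect.py /var/log/apache2/access.log  (no argument: sample lines)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            hits = list(scan(fh))
    else:
        hits = list(scan(SAMPLE_LOG.splitlines()))
    for e in hits:
        print(f'{e["ts"]} {e["ip"]} {e["method"]} {e["target"]} -> {e["status"]}')
```

The 401 line is deliberately not flagged: on a patched site that is what a probe looks like, and it is worth alerting on separately at a lower severity since it shows someone is testing the route.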
