Transbank Webpay WP Plugin <1.14.0 Stored XSS via Unsanitized Logs
CVE-2026-6858 Published on June 22, 2026

Transbank Webpay < 1.14.0 - Unauthenticated Stored XSS
The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform Stored XSS attacks against logged in administrator

NVD

Transbank Webpay WP Plugin <1.14.0 Stored XSS via Unsanitized LogsCVE-2026-6858 Published on June 22, 2026

Transbank Webpay WP Plugin <1.14.0 Stored XSS via Unsanitized Logs
CVE-2026-6858 Published on June 22, 2026