Vulnerabilities and security researches forwoo-rede woo-rede

Apr 16, 2026

CVE, Research URL: CVE-2026-0942
Home page URL: Security reports for Integration Rede for WooCommerce
Application: Integration Rede for WooCommerce
Date: Jan 16, 2026
Research Description: The Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clearOrderLogs() function in all versions up to, and including, 5.1.5. This makes it possible for unauthenticated attackers to delete the Rede Order Logs metadata from all WooCommerce orders.
Affected versions: max 5.1.6.
Status: vulnerable

CVE, Research URL: CVE-2026-0939
Home page URL: Security reports for Integration Rede for WooCommerce
Application: Integration Rede for WooCommerce
Date: Jan 16, 2026
Research Description: The Rede Itaú for WooCommerce plugin for WordPress is vulnerable to order status manipulation due to insufficient verification of data authenticity in all versions up to, and including, 5.1.2. This is due to the plugin failing to verify the authenticity of payment callbacks. This makes it possible for unauthenticated attackers to manipulate WooCommerce order statuses, either marking unpaid orders as paid, or failed.
Affected versions: max 5.1.3.
Status: vulnerable