cleantalk
Vulnerabilities and Security Researches

Knit Pay – Instamojo, Razorpay, Cashfree, Stripe, Easebuzz, UPI QR, CCAvenue, GoUrl, CVE-2026-49070

CVE, Research URL

CVE-2026-49070

Home page URL

Security reports for Knit Pay – Instamojo, Razorpay, Cashfree, Stripe, Easebuzz, UPI QR, CCAvenue, GoUrl

Application

Knit Pay – Instamojo, Razorpay, Cashfree, Stripe, Easebuzz, UPI QR, CCAvenue, GoUrl

Published on
Jun 16, 2026
Research Description
Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions.
Affected versions
max 9.4.0.1.
Status
vulnerable
Previous vulnerability researches
Customizable WordPress Gallery Plugin &#8211; Modula Image Gallery (CVE-2026-39481) , May 02, 2026
Customizable WordPress Gallery Plugin &#8211; Modula Image Gallery (CVE-2020-9003) , Jun 07, 2024
Customizable WordPress Gallery Plugin &#8211; Modula Image Gallery (CVE-2024-9416) , Apr 04, 2025
Customizable WordPress Gallery Plugin &#8211; Modula Image Gallery (CVE-2022-41135) , Jun 07, 2024
Customizable WordPress Gallery Plugin &#8211; Modula Image Gallery (CVE-2024-12853) , Jan 08, 2025
New vulnerability
SEO Plugin by Squirrly SEO (CVE-2026-52714) , Jun 18, 2026
myCred &#8211; Points, Rewards, Gamification, Ranks, Badges &amp; Loyalty Plugin (CVE-2026-8607) , Jun 18, 2026
Faust.js (CVE-2026-49062) , Jun 18, 2026
Conekta Payment Gateway (CVE-2026-49066) , Jun 18, 2026
Knit Pay &#8211; Instamojo, Razorpay, Cashfree, Stripe, Easebuzz, UPI QR, CCAvenue, GoUrl (CVE-2026-49070) , Jun 18, 2026