Unauthorized Data Modification in Rede Itaú for WooCommerce by Wordpress
CVE-2026-0942
5.3MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 16 January 2026
What is CVE-2026-0942?
The Rede Itaú for WooCommerce plugin, used for handling Payment PIX, Credit Card, and Debit transactions, has a significant vulnerability that allows unauthorized users to modify sensitive data. This is due to a missing capability check on the clearOrderLogs() function, present in all versions up to and including 5.1.2. As a result, unauthenticated attackers can delete Rede Order Logs metadata from WooCommerce orders, posing a serious risk to data integrity and security.
Affected Version(s)
Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit 0 <= 5.1.5