Unauthenticated Access Control Flaw in Knit Pay by PatchStack
CVE-2026-49070

7.5HIGH

Key Information:

Vendor: WordPress
Status: Knit Pay
Vendor: CVE Published:; 15 June 2026

What is CVE-2026-49070?

The Knit Pay plugin for WordPress is affected by a vulnerability allowing unauthenticated users to exploit broken access control. This weakness can be leveraged by attackers to gain unauthorized access to sensitive functionalities within the plugin, potentially leading to data breaches and unauthorized operations. Users of affected versions should promptly update to secure their installations against these risks.

Affected Version(s)

Knit Pay <= 9.4.0.0

References

https://patchstack.com/database/wordpress/plugin/knit-pay...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2026
Vulnerability Reserved
May 27, 2026

Credit

Averon Averenkov | Patchstack Bug Bounty Program

CVE-2026-49070 Data

JSON