What the vulnerability does
01 Description
The Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clearOrderLogs() function in all versions up to, and including, 5.1.5. This makes it possible for unauthenticated attackers to delete the Rede Order Logs metadata from all WooCommerce orders.
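The kind of guard the description reports as missing, shown as an added example that is not the plugin's code: a WordPress AJAX handler that verifies a nonce and a capability before clearing order metadata. The action name, nonce field and meta key are hypothetical placeholders; the page does not say how clearOrderLogs() is reached or which meta key it removes.

```php
<?php
// Added illustration, not the plugin's code. Action name, nonce field and
// meta key are hypothetical placeholders.
const EXAMPLE_LOG_META_KEY = '_example_rede_order_logs';
const EXAMPLE_ACTION       = 'example_clear_order_logs';

// Registered on wp_ajax_ only (logged-in users); there is deliberately no
// wp_ajax_nopriv_ hook, so anonymous requests never reach the handler.
add_action('wp_ajax_' . EXAMPLE_ACTION, 'example_clear_order_logs');

function example_clear_order_logs(): void
{
    // CSRF check: with $stop = false this returns false instead of dying.
    if (!check_ajax_referer(EXAMPLE_ACTION, 'nonce', false)) {
        wp_send_json_error(['message' => 'Invalid or missing nonce'], 403);
    }

    // Authorization: being logged in is not enough, the caller must be
    // allowed to manage the shop. wp_send_json_error() ends the request.
    if (!current_user_can('manage_woocommerce')) {
        wp_send_json_error(['message' => 'Insufficient permissions'], 403);
    }

    $cleared = 0;
    // Each pass removes the key from the orders it finds, so the next query
    // returns the next batch. The pass limit bounds the loop if a save fails.
    for ($pass = 0; $pass < 1000; $pass++) {
        $orders = wc_get_orders([
            'limit'        => 100,
            'meta_key'     => EXAMPLE_LOG_META_KEY,
            'meta_compare' => 'EXISTS',
        ]);
        if (empty($orders)) {
            break;
        }
        foreach ($orders as $order) {
            $order->delete_meta_data(EXAMPLE_LOG_META_KEY);
            $order->save();
            $cleared++;
        }
    }

    // Leave an audit trail of who ran the destructive action.
    wc_get_logger()->info(
        sprintf('User %d cleared order logs on %d orders', get_current_user_id(), $cleared),
        ['source' => 'example-order-logs']
    );
    wp_send_json_success(['cleared' => $cleared]);
}
```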
Explanation of Vulnerability in Simple Terms
02 Summary
The Rede Itaú for WooCommerce payment plugin contains a missing authentication check that allows unauthenticated attackers to modify payment-related data over the network. No user interaction is required. The vulnerability affects versions 5.1.5 and earlier. Confidentiality is not impacted, but data integrity can be compromised.
What an attacker can do
03 Attacker Capabilities
Modify payment transaction data or settings without authentication.
Potential impact on your site
04 Site Impact
Payment data integrity compromised; attackers can alter transactions or payment configuration without logging in.
Conditions required to exploit
05 Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06 Disclosure timeline
January 16, 2026: CVE published
April 8, 2026: Record updated