CVE-2026-3891 | linknacional Pix for WooCommerce Plugin up to 1.5.0 on WordPress Setting lkn_pix_for_woocommerce_c6_save_settings unrestricted upload

Inserito da Angelo Barbosa | Mar 13, 2026 | CVE

A vulnerability was found in linknacional Pix for WooCommerce Plugin up to 1.5.0 on WordPress. It has been declared as critical. The affected element is the function lkn_pix_for_woocommerce_c6_save_settings of the component Setting Handler. Executing a manipulation can lead to unrestricted upload.

This vulnerability appears as CVE-2026-3891. The attack may be performed from remote. There is no available exploit.

CVE-2026-3891 | linknacional Pix for WooCommerce Plugin up to 1.5.0 on WordPress Setting lkn_pix_for_woocommerce_c6_save_settings unrestricted upload

Post correlati

CVE-2025-59060 | Apache Ranger up to 2.6.x NiFiRegistryClient/NifiClient certificate host validation

CVE-2024-52425 | Urchenko Drozd Plugin up to 1.1.1 on WordPress cross site scripting

CVE-2025-6106 | WuKongOpenSource WukongCRM 9.0 AdminRoleController.java cross-site request forgery

CVE-2024-21780 | KDDI Home Spot Cube2 up to 102 Command stack-based overflow