top of page
perceptive_background_267k.jpg

The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lk…

Published:

12 March 2026 at 23:00:00

Alert date:

13 March 2026 at 20:06:20

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies

The Pix for WooCommerce plugin for WordPress contains a critical vulnerability allowing arbitrary file uploads due to missing capability checks and file type validation in the 'lkn_pix_for_woocommerce_c6_save_settings' function. This affects all versions up to and including 1.5.0. Unauthenticated attackers can exploit this vulnerability to upload arbitrary files to the server, potentially leading to remote code execution. The vulnerability represents a significant security risk for WordPress sites using this payment gateway plugin.

Technical details

Mitigation steps:

Affected products:

Pix for WooCommerce plugin
WordPress

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-3891
https://plugins.trac.wordpress.org/browser/payment-gateway-pix-for-woocommerce/tags/1.4.0/Includes/LknPaymentPixForWoocommercePixC6.php#L694
https://plugins.trac.wordpress.org/changeset/3480639/payment-gateway-pix-for-woocommerce#file56
https://www.wordfence.com/threat-intel/vulnerabilities/id/20188fd3-c330-4c76-912b-72731e14c450?source=cve

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page