


Perceptive Security
SOC/SIEM Consultancy

The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lk…
Published:
12 March 2026 at 23:00:00
Alert date:
13 March 2026 at 20:06:20
Source:
nvd.nist.gov
Web Technologies
The Pix for WooCommerce plugin for WordPress contains a critical vulnerability allowing arbitrary file uploads due to missing capability checks and file type validation in the 'lkn_pix_for_woocommerce_c6_save_settings' function. This affects all versions up to and including 1.5.0. Unauthenticated attackers can exploit this vulnerability to upload arbitrary files to the server, potentially leading to remote code execution. The vulnerability represents a significant security risk for WordPress sites using this payment gateway plugin.
Affected products:
Pix for WooCommerce plugin
WordPress
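A check for the affected version range stated above, as an added example that is not code from the plugin, NVD or Wordfence: it reads the plugin header under a WordPress root and flags any version up to and including 1.5.0. The default wp-content/plugins layout and the directory slug (taken from the plugins.trac.wordpress.org links on this page) are assumptions.

```python
import re
from pathlib import Path

# Assumption: directory slug as it appears in the plugins.trac.wordpress.org links.
PLUGIN_SLUG = "payment-gateway-pix-for-woocommerce"
LAST_AFFECTED = (1, 5, 0)  # "up to and including 1.5.0" per the advisory text

# Standard WordPress plugin header fields, usually inside a PHP comment block.
HEADER_NAME = re.compile(r"^[ \t/*#@]*Plugin Name:\s*(.+)$", re.M | re.I)
HEADER_VERSION = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9A-Za-z.\-]*)", re.M | re.I)


def parse_version(text):
    """Turn '1.5.0' or '1.4' into a comparable 3-tuple; suffixes like '-beta' are dropped."""
    parts = []
    for piece in text.split(".")[:3]:
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts + [0] * (3 - len(parts)))


def installed_version(plugin_dir):
    """Return the Version header from the top-level PHP file that declares the plugin."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        # WordPress itself only reads the first 8 KB of a file for header data.
        head = php.read_text(encoding="utf-8", errors="replace")[:8192]
        if HEADER_NAME.search(head):
            m = HEADER_VERSION.search(head)
            if m:
                return m.group(1)
    return None


def audit(wp_root):
    """Return (status, version) for the plugin under one WordPress root."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / PLUGIN_SLUG
    if not plugin_dir.is_dir():
        return ("not-installed", None)
    version = installed_version(plugin_dir)
    if version is None:
        return ("unknown-version", None)  # directory present, header unreadable: review by hand
    status = "affected" if parse_version(version) <= LAST_AFFECTED else "not-affected"
    return (status, version)


if __name__ == "__main__":
    import sys
    for root in sys.argv[1:]:
        print(root, *audit(root))
```

Pass one or more WordPress root directories as arguments; sites with a relocated wp-content directory need the path adjusted.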
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-3891
https://plugins.trac.wordpress.org/browser/payment-gateway-pix-for-woocommerce/tags/1.4.0/Includes/LknPaymentPixForWoocommercePixC6.php#L694
https://plugins.trac.wordpress.org/changeset/3480639/payment-gateway-pix-for-woocommerce#file56
https://www.wordfence.com/threat-intel/vulnerabilities/id/20188fd3-c330-4c76-912b-72731e14c450?source=cve
This article was created with the assistance of AI technology by Perceptive.
