{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/payment-bypass/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-6372"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["wordpress","plugin","payment-bypass","cve-2026-6372"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-6372 is a missing authorization vulnerability affecting the Plisio Accept Cryptocurrencies with Plisio WordPress plugin, specifically versions from initial releases through 2.0.5. Discovered by Patchstack, the vulnerability stems from incorrectly configured access control security levels within the plugin. An attacker can exploit this flaw to bypass payment verification processes, potentially leading to unauthorized transactions or manipulation of payment-related functionalities. Given the increasing adoption of cryptocurrency payments, this vulnerability presents a significant risk to e-commerce sites using the affected plugin. Successful exploitation can result in financial losses and reputational damage.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a WordPress site using the vulnerable Plisio plugin (version \u0026lt;= 2.0.5).\u003c/li\u003e\n\u003cli\u003eAttacker analyzes the plugin\u0026rsquo;s code or intercepts network traffic to identify the specific endpoint or function responsible for payment verification lacking proper authorization checks.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request to the vulnerable endpoint, bypassing the intended authentication or authorization mechanisms.\u003c/li\u003e\n\u003cli\u003eThe crafted request modifies payment parameters (e.g., amount, recipient) without proper validation.\u003c/li\u003e\n\u003cli\u003eThe modified request is sent to the server, which processes it without correctly verifying the user\u0026rsquo;s authority.\u003c/li\u003e\n\u003cli\u003eThe server updates the payment status, marking it as \u0026ldquo;paid\u0026rdquo; or \u0026ldquo;verified,\u0026rdquo; even though the actual payment might be incomplete, altered, or entirely missing.\u003c/li\u003e\n\u003cli\u003eThe WordPress site delivers goods or services based on the fraudulently verified payment status.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-6372 allows attackers to bypass payment verification processes in e-commerce sites using the Plisio Accept Cryptocurrencies plugin. This can lead to financial losses for the site owner due to unauthorized transactions. The vulnerability affects all installations using versions up to and including 2.0.5. Given the potential for widespread impact on any site accepting cryptocurrency via this plugin, this issue represents a high risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the Plisio Accept Cryptocurrencies with Plisio plugin to a version greater than 2.0.5 to patch CVE-2026-6372.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Plisio Payment Bypass Attempt\u003c/code\u003e to monitor for exploit attempts targeting the vulnerable endpoint.\u003c/li\u003e\n\u003cli\u003eExamine web server logs for suspicious POST requests to payment processing endpoints associated with the Plisio plugin, filtering for unexpected parameter modifications (log source: webserver).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-16T12:00:00Z","date_published":"2026-04-16T12:00:00Z","id":"/briefs/2026-04-plisio-auth-bypass/","summary":"A missing authorization vulnerability in the Plisio Accept Cryptocurrencies with Plisio WordPress plugin (versions up to 2.0.5) allows attackers to bypass payment verification due to incorrectly configured access control security levels.","title":"Plisio Accept Cryptocurrencies Plugin Missing Authorization Vulnerability (CVE-2026-6372)","url":"https://feed.craftedsignal.io/briefs/2026-04-plisio-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Payment-Bypass","version":"https://jsonfeed.org/version/1.1"}