Unrated severityNVD Advisory· Published Jun 22, 2026

Transbank Webpay < 1.14.0 - Unauthenticated Stored XSS

CVE-2026-6858

Description

The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform Stored XSS attacks against logged in administrator

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

WordPress/Transbank Webpayinferred2 versions
<1.14.0+ 1 more
- (no CPE)range: <1.14.0
- (no CPE)range: <1.14.0
Package: https://wordpress.org/plugins/transbank-webpay

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/81035d75-81a5-486a-a9fb-b0d1e0befe3c/mitreexploitvdb-entrytechnical-description

News mentions

25 WordPress Plugin CVEs Drop in Three Days: File Deletion, SSRF, and XSS Dominate the Batch
Vypr Intelligence · Jun 22, 2026

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000