CVE-2026-6372
Received Received - Intake
Missing Authorization in Plisio Accept Cryptocurrencies Enables Access Bypass

Publication date: 2026-04-15

Last updated on: 2026-04-15

Assigner: Patchstack

Description
Missing Authorization vulnerability in Plisio Accept Cryptocurrencies with Plisio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accept Cryptocurrencies with Plisio: from n/a through 2.0.5.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-15
Last Modified
2026-04-15
Generated
2026-06-16
AI Q&A
2026-04-15
EPSS Evaluated
2026-06-15
NVD
CVE-2026-6372
EUVD
EUVD-2026-22983
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
patchstack accept_cryptocurrencies_with_plisio From 2.0.0 (inc) to 2.0.5 (inc)
plisio accept_cryptocurrencies to 2.0.5 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-6372 is a Missing Authorization vulnerability in the WordPress plugin "Accept Cryptocurrencies with Plisio" versions up to 2.0.5. It is a Broken Access Control issue where missing authorization, authentication, or nonce token checks allow unauthenticated users to perform actions that should be restricted to higher privileged users.

This means that attackers can exploit incorrectly configured access control security levels to bypass payment restrictions without needing any privileges.

Compliance Impact

The vulnerability is a Missing Authorization issue classified as Broken Access Control, allowing unauthenticated users to perform actions reserved for higher privileged users.

While the CVE description and resources do not explicitly mention compliance with standards such as GDPR or HIPAA, broken access control vulnerabilities can potentially lead to unauthorized actions or data manipulation, which may impact compliance with regulations that require strict access controls and data protection.

However, no direct information is provided about specific compliance impacts or breaches related to this vulnerability.

Impact Analysis

The vulnerability allows unauthenticated users to bypass payment restrictions, potentially enabling unauthorized actions within the plugin.

Although the CVSS score is 7.5 indicating moderate severity, the impact is considered low and exploitation is unlikely according to Patchstack.

However, the vulnerability enables mass exploitation campaigns targeting many websites regardless of their traffic or popularity, which could lead to unauthorized transactions or manipulation of payment processes.

No official patch is available as of the publication date, so immediate mitigation involves updating the plugin if possible or seeking assistance from hosting providers or developers.

Mitigation Strategies

Immediate mitigation involves updating the plugin if possible or seeking assistance from hosting providers or developers.

Since no official patch is available as of the publication date, contacting your hosting provider or developer for custom mitigation or applying security controls to restrict unauthorized access is recommended.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6372. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart