CVE-2026-13039 | arraytics Eventin Plugin up to 4.1.15 on WordPress PaymentController PaymentController.php payment_complete checkout_id/cart_hash authorization
A vulnerability labeled as critical has been found in arraytics Eventin Plugin up to 4.1.15 on WordPress. Affected is the function payment_complete of the file PaymentController.php of the component PaymentController. Such manipulation of the argument checkout_id/cart_hash leads to authorization bypass.
This vulnerability is listed as CVE-2026-13039. The attack may be performed from remote. There is no available exploit.VulDB Recent EntriesRead More