NVD Vulnerability Details: CVE-2026-7626
Received
Source: security@wordfence.com
Published At: 12 May, 2026 | 09:16
Updated At: 12 May, 2026 | 09:16

The Slek Gateway for WooCommerce plugin for WordPress is vulnerable to Information Exposure in version 1.0. This is due to the wsb_handle_slek_payment_redirect() function placing the merchant's slek_key and slek_secret API credentials directly into a client-side HTML form, and additionally embedding the slek_secret as a plaintext GET parameter in the IPN callback URL. This makes it possible for unauthenticated attackers who can place an order on the affected store to extract the merchant's API credentials by viewing the HTML source or using browser DevTools on the WooCommerce order-pay page before the JavaScript auto-submit fires.

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CPE Matches

Weaknesses
CWE ID: CWE-200
Type: Primary
Source: security@wordfence.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
Hyperlink: https://plugins.trac.wordpress.org/browser/slek-gateway-for-woocommerce/tags/1.0/slek-gateway-for-woocommerce.php#L267
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/slek-gateway-for-woocommerce/tags/1.0/slek-gateway-for-woocommerce.php#L307
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/slek-gateway-for-woocommerce/trunk/slek-gateway-for-woocommerce.php#L267
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/slek-gateway-for-woocommerce/trunk/slek-gateway-for-woocommerce.php#L307
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/45ccc116-866e-467f-8ebb-8a3b6589c069?source=cve
Source: security@wordfence.com
Resource: N/A
Change History
0 changes found