CVE-2026-3462 – Frisbii Pay

CVE ID :CVE-2026-3462

Published : June 27, 2026, 6:50 a.m. | 54 minutes ago

Description :The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the ‘upload_csv’ and ‘process_batch’ functions in all versions up to, and including, 1.8.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary CSV data and overwrite WooCommerce payment tokens, postmeta, and order meta records.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…