Primary

Context

SePay Gateway Sensitive Data Exposure Vulnerability

Vulnerability

Patched

A missing authorization vulnerability in the SePay Gateway WordPress plugin, affecting versions through 1.1.20, allows unauthorized retrieval of embedded sensitive data. This exposure could enable exploitation of other system weaknesses.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information, which is typically restricted from regular users. Such data exposure could be used to exploit additional vulnerabilities within the system.

Remediation

Users of the SePay Gateway WordPress plugin should update to version 1.1.21 or later. Patchstack users can enable auto-updates for vulnerable plugins.

Added: May 26, 2026, 6:04 PM

Updated: May 26, 2026, 6:04 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

9.4

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

9.4

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SePay Gateway Sensitive Data Exposure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

SePay Gateway

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating