CVE-2026-49064

HIGH NVD

CVSS Score 7.5

Severity HIGH

Published Jun 15, 2026

Vendor unknown

Description

Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data. This issue affects GetPaid: from n/a through 2.8.49.

References

https://patchstack.com/database/wordpress/plugin/invoicing/vulnerability/wordpress-getpaid-plugin-2-8-49-sensitive-data-exposure-vulnerability?_s_id=cve