CVE-2026-27073 - Vulnerability Details - OpenCVE

Use of Hard-coded Credentials vulnerability in Addi Addi – Cuotas que se adaptan a ti buy-now-pay-later-addi allows Password Recovery Exploitation.This issue affects Addi – Cuotas que se adaptan a ti: from n/a through <= 2.0.4.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Addi	Addi – Cuotas Que Se Adaptan A Ti
Wordpress	Wordpress

No data.

No data.

References

Link	Providers
https://patchstack.com/database/Wordpress/Plugin/buy-now-pay-later-addi/vulnerability/wordpress-addi-cuotas-que-se-adaptan-a-ti-plugin-2-0-4-broken-authentication-vulnerability?_s_id=cve

History

Thu, 26 Mar 2026 19:30:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}`

Thu, 26 Mar 2026 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Addi Addi addi – Cuotas Que Se Adaptan A Ti Wordpress Wordpress wordpress
Vendors & Products		Addi Addi addi – Cuotas Que Se Adaptan A Ti Wordpress Wordpress wordpress

Wed, 25 Mar 2026 16:45:00 +0000

Type	Values Removed	Values Added
Description		Use of Hard-coded Credentials vulnerability in Addi Addi – Cuotas que se adaptan a ti buy-now-pay-later-addi allows Password Recovery Exploitation.This issue affects Addi – Cuotas que se adaptan a ti: from n/a through <= 2.0.4.
Title		WordPress Addi – Cuotas que se adaptan a ti plugin <= 2.0.4 - Broken Authentication vulnerability
Weaknesses		CWE-798
References		https://patchstack.com/database/Wordpress/Plugin/buy-now-pay-later-addi/vulnerability/wordpress-addi-cuotas-que-se-adaptan-a-ti-plugin-2-0-4-broken-authentication-vulnerability?_s_id=cve

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2026-03-25T16:14:54.270Z

Updated: 2026-03-26T19:05:01.072Z

Reserved: 2026-02-17T13:23:51.341Z

Link: CVE-2026-27073

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-03-25T17:16:54.793

Modified: 2026-03-26T19:16:39.337

Link: CVE-2026-27073

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27073", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-02-17T13:23:51.341Z", "datePublished": "2026-03-25T16:14:54.270Z", "dateUpdated": "2026-03-26T19:05:01.072Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "buy-now-pay-later-addi", "product": "Addi – Cuotas que se adaptan a ti", "vendor": "Addi", "versions": [{"lessThanOrEqual": "<= 2.0.4", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Jarno Vos (jrn5151) | Patchstack Bug Bounty Program"}], "datePublic": "2026-03-25T17:12:19.840Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Use of Hard-coded Credentials vulnerability in Addi Addi – Cuotas que se adaptan a ti buy-now-pay-later-addi allows Password Recovery Exploitation.<p>This issue affects Addi – Cuotas que se adaptan a ti: from n/a through <= 2.0.4.</p>"}], "value": "Use of Hard-coded Credentials vulnerability in Addi Addi – Cuotas que se adaptan a ti buy-now-pay-later-addi allows Password Recovery Exploitation.This issue affects Addi – Cuotas que se adaptan a ti: from n/a through <= 2.0.4."}], "impacts": [{"capecId": "CAPEC-50", "descriptions": [{"lang": "en", "value": "Password Recovery Exploitation"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-798", "description": "Use of Hard-coded Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-25T16:14:54.270Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/buy-now-pay-later-addi/vulnerability/wordpress-addi-cuotas-que-se-adaptan-a-ti-plugin-2-0-4-broken-authentication-vulnerability?_s_id=cve"}], "title": "WordPress Addi \u2013 Cuotas que se adaptan a ti plugin <= 2.0.4 - Broken Authentication vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T19:04:58.287416Z", "id": "CVE-2026-27073", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T19:05:01.072Z"}}]}}