Plisio Plugin Flaw: Unauthenticated Access Control Bypass

A significant “Missing Authorization” vulnerability, tracked as CVE-2026-6372, has been identified in the “Accept Cryptocurrencies with Plisio” plugin. According to the National Vulnerability Database, this flaw allows for the exploitation of incorrectly configured access control security levels, presenting a clear path for unauthenticated attackers to bypass authorization. The issue impacts versions of the Plisio plugin up to and including 2.0.5.

This isn’t some esoteric bug: a CVSS v3.1 score of 7.5 (HIGH) with the vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N means it is reachable over the network (AV:N), needs no special conditions (AC:L), no privileges (PR:N) and no user interaction (UI:N). The impact stays within the vulnerable component (S:U) and lands entirely on integrity (I:H): an unauthenticated request can be used to change data or state the caller should not be able to touch, while confidentiality and availability are not directly affected by this vector (C:N, A:N). The root cause is categorized under CWE-862, Missing Authorization, which points directly to an action being performed without first checking whether the caller is allowed to perform it, a classic blunder that often leads to serious headaches down the line.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application (Initial Access), confidence high: Web Application Exploitation Attempt, CVE-2026-6372

Indicators of Compromise

ID             Type              Indicator
CVE-2026-6372  Auth Bypass       Plisio "Accept Cryptocurrencies with Plisio" plugin, versions n/a through 2.0.5
CVE-2026-6372  Misconfiguration  Incorrectly configured access control security levels
CVE-2026-6372  Auth Bypass       Missing Authorization vulnerability
