Improper input validation in Appmaxplataforma Appmax
CVE-2026-3641
The Appmax plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 1.0.3. This is due to the plugin registering a public REST API webhook endpoint at /webhook-system without implementing webhoo…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.001 (35.1th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.
Affected products
- Appmaxplataforma Appmax — versions 0
Weakness classification (CWE)
References
- www.wordfence.com/threat-intel/vulnerabilities/id/6bf61bb7-f977-4afe-bb81-e6de1…
- plugins.trac.wordpress.org/browser/appmax/trunk/includes/core/class-appmax-paym…
- plugins.trac.wordpress.org/browser/appmax/tags/1.0.3/includes/core/class-appmax…
- plugins.trac.wordpress.org/browser/appmax/trunk/includes/core/class-appmax-paym…
- plugins.trac.wordpress.org/browser/appmax/tags/1.0.3/includes/core/class-appmax…
- plugins.trac.wordpress.org/browser/appmax/trunk/includes/webhooks/class-appmax-…
- plugins.trac.wordpress.org/browser/appmax/tags/1.0.3/includes/webhooks/class-ap…
- plugins.trac.wordpress.org/browser/appmax/trunk/includes/webhooks/types/class-a…
- plugins.trac.wordpress.org/browser/appmax/tags/1.0.3/includes/webhooks/types/cl…
Frequently asked questions
- What is CVE-2026-3641?
- CVE-2026-3641 is a medium-severity vulnerability in Appmaxplataforma Appmax, classified under Improper Input Validation. CVSS score: 5.3/10. Published 2026-03-21.
- How severe is CVE-2026-3641?
- Medium severity. CVSS v3 base score is 5.3 out of 10.