Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
Missing Authorization vulnerability in linknacional Payment Gateway Pix For GiveWP payment-gateway-pix-for-givewp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway Pix For GiveWP: from n/a through <= 2.2.3.
AnalysisAI
Payment Gateway Pix For GiveWP versions 2.2.3 and earlier contain a missing authorization vulnerability that allows unauthenticated remote attackers to modify data through improper access control. An attacker can exploit this flaw to manipulate payment gateway functionality without proper authentication or user interaction. No patch is currently available for this vulnerability affecting GiveWP payment processing installations.
Technical ContextAI
The vulnerability is rooted in CWE-862 (Missing Authorization), a critical access control weakness where the application fails to properly validate user permissions before performing sensitive operations. This affects the linknacional Payment Gateway Pix For GiveWP plugin, which integrates Brazil's Pix instant payment system into the GiveWP fundraising platform. The plugin is identified via CPE string cpe:2.3:a:linknacional:payment_gateway_pix_for_givewp. The root cause involves inadequately configured access control security levels in the plugin's authorization logic, allowing attackers to bypass authentication or authorization checks. Since this is a WordPress plugin managing financial transactions through Pix, the authorization failure likely occurs at API endpoints or administrative functions that should restrict access to authenticated users with specific roles.
RemediationAI
Upgrade linknacional Payment Gateway Pix For GiveWP to the first patched version beyond 2.2.3 immediately. Consult the plugin's official security advisory and the WordPress plugin repository for the specific patched version release. Until a patch is available, implement the following controls: restrict access to the plugin's API endpoints and administrative functions using a Web Application Firewall (WAF) configured to require valid authentication tokens; enforce role-based access control at the application level to ensure only authorized GiveWP administrators can initiate Pix transactions; and monitor access logs for unauthorized requests to payment-related endpoints. Consider temporarily disabling the Pix gateway if alternative payment methods are available until patching is completed.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-11955