Skip to main content

Payment Gateway Pix For Givewp EUVDEUVD-2026-11955

| CVE-2026-32425 MEDIUM
Missing Authorization (CWE-862)
2026-03-13 Patchstack
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 13, 2026 - 16:57 euvd
EUVD-2026-11955
Analysis Generated
Mar 13, 2026 - 16:57 vuln.today
CVE Published
Mar 13, 2026 - 11:42 nvd
MEDIUM 5.3

DescriptionCVE.org

Missing Authorization vulnerability in linknacional Payment Gateway Pix For GiveWP payment-gateway-pix-for-givewp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway Pix For GiveWP: from n/a through <= 2.2.3.

AnalysisAI

Payment Gateway Pix For GiveWP versions 2.2.3 and earlier contain a missing authorization vulnerability that allows unauthenticated remote attackers to modify data through improper access control. An attacker can exploit this flaw to manipulate payment gateway functionality without proper authentication or user interaction. No patch is currently available for this vulnerability affecting GiveWP payment processing installations.

Technical ContextAI

The vulnerability is rooted in CWE-862 (Missing Authorization), a critical access control weakness where the application fails to properly validate user permissions before performing sensitive operations. This affects the linknacional Payment Gateway Pix For GiveWP plugin, which integrates Brazil's Pix instant payment system into the GiveWP fundraising platform. The plugin is identified via CPE string cpe:2.3:a:linknacional:payment_gateway_pix_for_givewp. The root cause involves inadequately configured access control security levels in the plugin's authorization logic, allowing attackers to bypass authentication or authorization checks. Since this is a WordPress plugin managing financial transactions through Pix, the authorization failure likely occurs at API endpoints or administrative functions that should restrict access to authenticated users with specific roles.

RemediationAI

Upgrade linknacional Payment Gateway Pix For GiveWP to the first patched version beyond 2.2.3 immediately. Consult the plugin's official security advisory and the WordPress plugin repository for the specific patched version release. Until a patch is available, implement the following controls: restrict access to the plugin's API endpoints and administrative functions using a Web Application Firewall (WAF) configured to require valid authentication tokens; enforce role-based access control at the application level to ensure only authorized GiveWP administrators can initiate Pix transactions; and monitor access logs for unauthorized requests to payment-related endpoints. Consider temporarily disabling the Pix gateway if alternative payment methods are available until patching is completed.

Share

EUVD-2026-11955 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy