Peach Payments Gateway
Monthly
Broken access control in the Peach Payments Gateway WordPress plugin (all versions through 4.0.2) permits remote unauthenticated attackers to invoke plugin functionality without valid authorization, bypassing intended access control security levels. Rooted in CWE-862 (Missing Authorization) and reported by Patchstack, the flaw enables limited integrity and availability impact against WooCommerce-powered sites using this plugin. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, though the unauthenticated, low-complexity attack vector warrants prompt remediation for any site processing payments through this gateway.
Broken access control in the Peach Payments Gateway WordPress plugin (all versions through 4.0.2) permits remote unauthenticated attackers to invoke plugin functionality without valid authorization, bypassing intended access control security levels. Rooted in CWE-862 (Missing Authorization) and reported by Patchstack, the flaw enables limited integrity and availability impact against WooCommerce-powered sites using this plugin. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, though the unauthenticated, low-complexity attack vector warrants prompt remediation for any site processing payments through this gateway.