Impact
The vulnerability is a missing authorization flaw, classified under CWE-862, that permits attackers to manipulate or access features provided by the SumUp Payment Gateway For WooCommerce plugin without proper privileges. An attacker who can reach the plugin’s administrative interfaces could change payment settings, override security levels, or view transaction data that should be protected. The CVSS score of 5.3 places the flaw at medium severity; it is not trivial, and it can lead to significant business impact if exploited.
Affected Systems
All installations of the SumUp Payment Gateway For WooCommerce WordPress plugin running version 2.7.9 or earlier are affected. No other vendors or products are listed as impacted.
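A defender-side check for the affected range stated above, as an added example that is not part of the advisory or the plugin's own code: it reads WordPress plugin header comments under a plugins directory and flags copies at 2.7.9 or earlier. The folder names and versions in `demo()` are constructed, and matching on the `Plugin Name` header text as written in this advisory is an assumption.

```python
import re
import tempfile
from pathlib import Path

PLUGIN_NAME = "SumUp Payment Gateway For WooCommerce"  # name as written in the advisory
LAST_AFFECTED = (2, 7, 9)                              # "version 2.7.9 or earlier"
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):(.*)$", re.I | re.M)

def read_header(php_file):
    """Return the 'plugin name' and 'version' fields from a plugin file's header comment."""
    with open(php_file, "rb") as fh:
        head = fh.read(8192).decode("utf-8", "replace")  # WordPress itself reads only the first 8 KiB
    fields = {}
    for key, value in HEADER_RE.findall(head):
        fields.setdefault(key.lower(), value.strip())
    return fields

def classify(version):
    """Compare a version string against the advisory's affected range."""
    numbers = re.match(r"\d+(?:\.\d+)*", version)
    if not numbers:
        return "unknown"  # missing or non-numeric header: check by hand
    parts = tuple(int(p) for p in numbers.group().split("."))
    parts += (0,) * (3 - len(parts))  # pad so "2.6" compares as 2.6.0
    return "affected" if parts <= LAST_AFFECTED else "outside affected range"

def scan(plugins_dir):
    """Return (folder, version, status) for every copy of the plugin under plugins_dir."""
    findings = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        fields = read_header(php_file)
        if fields.get("plugin name", "").lower() == PLUGIN_NAME.lower():
            version = fields.get("version", "")
            findings.append((php_file.parent.name, version, classify(version)))
    return findings

def demo():
    """Run scan() over a constructed plugins tree (folder names and versions are made up)."""
    samples = {"copy-a": "2.7.9", "copy-b": "2.7.10", "copy-c": "2.6", "other": None}
    with tempfile.TemporaryDirectory() as root:
        for folder, version in samples.items():
            name = PLUGIN_NAME if version else "Some Other Plugin"
            body = f"<?php\n/**\n * Plugin Name: {name}\n * Version: {version or '1.0'}\n */\n"
            (Path(root) / folder).mkdir()
            (Path(root) / folder / "main.php").write_text(body, encoding="utf-8")
        return scan(root)

if __name__ == "__main__":
    for folder, version, status in demo():
        print(f"{folder}: {version} -> {status}")
```

On a real host, call `scan()` with the path to the site's `wp-content/plugins` directory. The advisory does not state a fixed version, so "outside affected range" means only that the copy is newer than 2.7.9.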
Risk and Exploitability
The estimated exploitation probability is very low (EPSS < 1%) and the flaw is not present in the CISA KEV catalog, suggesting that it is not currently the focus of widespread attacks. However, the vulnerability can be leveraged by a user who has at least some level of access to the WordPress site, possibly via social engineering or exploitation of other weaknesses. With that access, the attacker can perform non‑destructive but potentially damaging configuration changes or data retrieval, raising confidentiality and integrity concerns. The risk is considered moderate, but timely remediation is advised to prevent potential abuse.