Description
Missing Authorization vulnerability in linknacional Payment Gateway Pix For GiveWP payment-gateway-pix-for-givewp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway Pix For GiveWP: from n/a through <= 2.2.3.
Published: 2026-03-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Apply Patch
AI Analysis

Impact

Missing Authorization in the Payment Gateway Pix For GiveWP plugin allows attackers to bypass intended access controls, potentially granting them unauthorized access to restricted areas or data. The vulnerability stems from incorrectly configured access control security levels (CWE-862), which could let attackers retrieve or manipulate sensitive information within the WordPress site. No further exploitation details are provided in the official description, but the vulnerability permits unauthorized operations that would normally require higher privileges.

Affected Systems

The affected product is the linknacional Payment Gateway Pix For GiveWP WordPress plugin, version 2.2.3 and earlier. The vulnerability impacts all installations using any version through 2.2.3, as indicated by the CNA's affected version data.

Risk and Exploitability

According to the CVSS score of 5.3, this defines a medium severity vulnerability. The EPSS score is below 1%, suggesting a low probability of exploitation in the wild, and it is not listed in CISA's KEV catalog. Exploitability likely requires a user to access the WordPress admin area or an exposed plugin endpoint; thus, the attack vector is inferred to be remote via web interface, but the exact vector is not explicitly defined in the provided data.

Generated by OpenCVE AI on March 19, 2026 at 15:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Payment Gateway Pix For GiveWP plugin to a version newer than 2.2.3.
  • Verify that access control settings enforce proper authorization for all plugin features.
  • Monitor the plugin for future releases and review patch notes on the vendor website.

Generated by OpenCVE AI on March 19, 2026 at 15:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Linknacional
Linknacional payment Gateway Pix For Givewp
Wordpress
Wordpress wordpress
Vendors & Products Linknacional
Linknacional payment Gateway Pix For Givewp
Wordpress
Wordpress wordpress

Sun, 15 Mar 2026 04:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 20:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Fri, 13 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in linknacional Payment Gateway Pix For GiveWP payment-gateway-pix-for-givewp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway Pix For GiveWP: from n/a through <= 2.2.3.
Title WordPress Payment Gateway Pix For GiveWP plugin <= 2.2.3 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Linknacional Payment Gateway Pix For Givewp
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:16:14.605Z

Reserved: 2026-03-12T11:11:26.570Z

Link: CVE-2026-32425

cve-icon Vulnrichment

Updated: 2026-03-13T18:46:17.521Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:55:00.743

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32425

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T12:03:39Z

Weaknesses