CVE-2024-25922
Description
Missing Authorization vulnerability in Peach Payments Peach Payments Gateway. This issue affects Peach Payments Gateway: from n/a through 3.1.9.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization in Peach Payments Gateway plugin allows unprivileged users to perform higher privileged actions; update to version 3.2.0.
The Peach Payments Gateway plugin for WordPress versions up to 3.1.9 suffers from a missing authorization vulnerability. This broken access control issue arises because certain functions lack proper authorization, authentication, or nonce token checks, allowing unprivileged users to execute actions intended for higher privileged roles [1].
Attackers can exploit this vulnerability remotely without needing special access, as the missing checks enable any user to trigger privileged functions. The vulnerability is known to be used in mass-exploit campaigns, targeting thousands of websites regardless of their size or popularity [1].
Successful exploitation allows unauthorized actions, potentially leading to site compromise or data manipulation. The CVSS score (5.4) indicates medium severity and the vendor considers it low risk, but active exploitation is a concern [1].
To mitigate this issue, users must update the plugin to version 3.2.0 or later, which contains the fix. Patchstack users can enable auto-updates for vulnerable plugins. If an immediate update is not possible, contacting a hosting provider or web developer for assistance is recommended [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=3.1.9
Patches
No patches discovered yet.
References