CVE-2026-32425
Description
Missing Authorization vulnerability in linknacional Payment Gateway Pix For GiveWP payment-gateway-pix-for-givewp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway Pix For GiveWP: from n/a through <= 2.2.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization in Payment Gateway Pix For GiveWP plugin (<=2.2.3) allows unauthorized access to privileged actions.
Vulnerability
The Payment Gateway Pix For GiveWP plugin for WordPress versions up to and including 2.2.3 suffer from a missing authorization vulnerability. This broken access control issue means that certain functions lack proper authorization checks, potentially allowing unprivileged users to perform actions reserved for higher-privileged roles [1].
Exploitation
Exploitation does not require authentication and can be carried out over the network. The vulnerability has low complexity, making it easy for attackers to target affected sites. Given that the vector is trivial, automated exploitation in mass campaigns is possible.
Impact
An attacker exploiting this flaw could execute privileged actions, leading to privilege escalation or unauthorized access to sensitive functionality. Although classified as low severity by some, the CVSS score of 5.3 (Medium) indicates real risk.
Mitigation
The issue has been fixed in version 2.2.4. Users are strongly advised to update to the latest version or enable automatic updates for the plugin to prevent exploitation [1].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=2.2.3
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.