What the vulnerability does
01Description
Missing Authorization vulnerability in peachpayments Peach Payments Gateway wc-peach-payments-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Peach Payments Gateway: from n/a through <= 4.0.2.
Explanation of Vulnerability in Simple Terms
02Summary
Peach Payments Gateway versions 4.0.2 and earlier lack proper authorization checks, allowing unauthenticated attackers to modify data or disrupt service. The vulnerability requires no user interaction and is remotely exploitable over the network. Site owners using this payment gateway should update immediately to prevent unauthorized transaction manipulation or service interruption.
What an attacker can do
03Attacker Capabilities
Modify payment data or disrupt the payment gateway service without authentication.
Potential impact on your site
04Site Impact
Attackers can alter transactions, disable payment processing, or corrupt payment records without logging in.
Conditions required to exploit
05Prerequisites
Network access to the Peach Payments Gateway; no authentication or user interaction required.
Key dates
06Disclosure timeline
July 13, 2026
CVE published