PatchSiren cyber security CVE debrief
CVE-2026-57408 peachpayments CVE debrief
A Missing Authorization vulnerability was found in the Peach Payments Gateway wc-peach-payments-gateway plugin. This issue allows for Exploiting Incorrectly Configured Access Control Security Levels and affects the plugin from n/a through version 4.0.2. The vulnerability has a CVSS score of 6.5 and is classified as MEDIUM severity. Users of Peach Payments Gateway wc-peach-payments-gateway plugin, especially those using versions up to 4.0.2, should be aware of this vulnerability and take necessary actions to secure their installations. The CVE record was published on 2026-07-13T10:16:34.533Z and has not been modified since then. The NVD entry is currently in the 'Received' status. Limited details are available about the specific impacts and affected scope, emphasizing the need for further investigation and verification.
- Vendor
- peachpayments
- Product
- Peach Payments Gateway
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-13
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-13
- Advisory updated
- 2026-07-13
Who should care
Users of Peach Payments Gateway wc-peach-payments-gateway plugin, especially those using versions up to 4.0.2, should be aware of this vulnerability and take necessary actions to secure their installations.
Technical summary
The CVE-2026-57408 vulnerability has a CVSS score of 6.5 and is classified as MEDIUM severity. It is caused by a Missing Authorization issue in the Peach Payments Gateway wc-peach-payments-gateway plugin. The vulnerability allows for Exploiting Incorrectly Configured Access Control Security Levels. The affected versions of the plugin range from n/a to 4.0.2.
Defensive priority
Medium priority should be given to updating the Peach Payments Gateway wc-peach-payments-gateway plugin to a version beyond 4.0.2 to mitigate this vulnerability.
Recommended defensive actions
- Update the Peach Payments Gateway wc-peach-payments-gateway plugin to a version beyond 4.0.2.
- Review and adjust access control configurations for the plugin to ensure proper authorization levels are set.
- Monitor for any suspicious activity related to the plugin.
Evidence notes
The CVE record was published on 2026-07-13T10:16:34.533Z and has not been modified since then. The NVD entry is currently in the 'Received' status. Limited details are available about the specific impacts and affected scope, emphasizing the need for further investigation and verification.
Official resources
-
CVE-2026-57408 CVE record
CVE.org
-
CVE-2026-57408 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:34.533Z and has not been modified since then. The NVD entry is currently in the 'Received' status.