PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-57408 peachpayments CVE debrief

A Missing Authorization vulnerability was found in the Peach Payments Gateway wc-peach-payments-gateway plugin. This issue allows for Exploiting Incorrectly Configured Access Control Security Levels and affects the plugin from n/a through version 4.0.2. The vulnerability has a CVSS score of 6.5 and is classified as MEDIUM severity. Users of Peach Payments Gateway wc-peach-payments-gateway plugin, especially those using versions up to 4.0.2, should be aware of this vulnerability and take necessary actions to secure their installations. The CVE record was published on 2026-07-13T10:16:34.533Z and has not been modified since then. The NVD entry is currently in the 'Received' status. Limited details are available about the specific impacts and affected scope, emphasizing the need for further investigation and verification.

Vendor
peachpayments
Product
Peach Payments Gateway
CVSS
MEDIUM 6.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-13
Original CVE updated
2026-07-13
Advisory published
2026-07-13
Advisory updated
2026-07-13

Who should care

Users of Peach Payments Gateway wc-peach-payments-gateway plugin, especially those using versions up to 4.0.2, should be aware of this vulnerability and take necessary actions to secure their installations.

Technical summary

The CVE-2026-57408 vulnerability has a CVSS score of 6.5 and is classified as MEDIUM severity. It is caused by a Missing Authorization issue in the Peach Payments Gateway wc-peach-payments-gateway plugin. The vulnerability allows for Exploiting Incorrectly Configured Access Control Security Levels. The affected versions of the plugin range from n/a to 4.0.2.

Defensive priority

Medium priority should be given to updating the Peach Payments Gateway wc-peach-payments-gateway plugin to a version beyond 4.0.2 to mitigate this vulnerability.

Recommended defensive actions

  • Update the Peach Payments Gateway wc-peach-payments-gateway plugin to a version beyond 4.0.2.
  • Review and adjust access control configurations for the plugin to ensure proper authorization levels are set.
  • Monitor for any suspicious activity related to the plugin.

Evidence notes

The CVE record was published on 2026-07-13T10:16:34.533Z and has not been modified since then. The NVD entry is currently in the 'Received' status. Limited details are available about the specific impacts and affected scope, emphasizing the need for further investigation and verification.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:34.533Z and has not been modified since then. The NVD entry is currently in the 'Received' status.