CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2026-56030

CVSS 9.8v3.1pub. 2026-06-26

Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-266 (Incorrect Privilege Assignment) involves improper privilege assignment in the Paytium plugin logic. A remote attacker, without having any account in the system, is able to invoke plugin functionality and obtain a higher privilege level than they should be entitled to. The detailed mechanism of triggering the vulnerability is described in the vendor references.

Impact

An unauthenticated attacker can obtain elevated privileges in the WordPress system, which in practice can lead to takeover of the website, content modification, data theft, or installation of malicious software.

Mitigation & patch

The Paytium plugin should be updated immediately to a version higher than 5.0.2. Detailed information about the available patch can be found in the vendor references at patchstack.com.

Who is affected

Paytium plugin for WordPress versions 5.0.2 and earlier

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
LPE
CWE
References