Executive Summary

CVE-2025-67942 is a medium severity Broken Access Control vulnerability in the WordPress Peach Payments Gateway Plugin (up to version 3.3.6). It occurs due to missing authorization, authentication, or nonce token checks in certain functions, allowing unauthenticated users to perform actions that should be restricted to higher privileged users. This flaw falls under the OWASP Top 10 category A1: Broken Access Control. [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows unauthenticated users to perform privileged actions, which can lead to unauthorized access or manipulation of payment gateway functions. Because it requires no prior authentication, it poses a moderate risk of exploitation, potentially compromising the security and integrity of payment processing on affected sites. [1]

Useful 0 Not Useful 0

Detection Guidance

Detection of CVE-2025-67942 involves monitoring for unauthorized access attempts or actions that should require higher privileges in the Peach Payments Gateway plugin (versions up to 3.3.6). Patchstack provides mitigation rules and security monitoring tools that can help detect exploitation attempts. Specific commands are not provided in the available resources, but using Patchstack's tools or scanning for plugin versions <= 3.3.6 on your WordPress installation can help identify vulnerable instances. [1]

Useful 0 Not Useful 0

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the Peach Payments Gateway plugin to version 3.3.7 or later, where the issue is fixed. Until the update can be applied, users can implement Patchstack's mitigation rules that block attacks targeting this vulnerability. Additionally, enabling automatic updates for the plugin can ensure rapid protection against this and similar vulnerabilities. [1]

Useful 0 Not Useful 0