CVE-2026-56030
Deferred Deferred - Pending Action

Unauthenticated Privilege Escalation in Paytium

Vulnerability report for CVE-2026-56030, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description

Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-07-16
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
patchstack paytium to 5.0.2 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The WordPress Paytium Plugin, versions 5.0.2 and below, contains a critical Privilege Escalation vulnerability (CVE-2026-56030). This flaw allows unauthenticated attackers to escalate their access privileges from low or no access to higher levels, potentially gaining full control over the affected website.

The vulnerability is classified under OWASP Top 10 A7 (Identification and Authentication Failures), indicating it relates to failures in properly verifying user identity or permissions.

Impact Analysis

This vulnerability can have a severe impact as it allows attackers without any authentication to escalate their privileges and potentially take full control of your website.

Such control could lead to unauthorized access to sensitive data, modification or deletion of content, disruption of services, and further exploitation of the compromised system.

Compliance Impact

The vulnerability allows unauthenticated attackers to escalate privileges and potentially gain full control of the website, which can lead to unauthorized access to sensitive data.

Such unauthorized access and control can result in violations of common standards and regulations like GDPR and HIPAA, which require strict protection of personal and sensitive information.

Failure to mitigate this vulnerability promptly could lead to data breaches, compromising confidentiality, integrity, and availability of data, thereby impacting compliance.

Mitigation Strategies

Immediate action is required to mitigate the risk of this high-priority privilege escalation vulnerability in the WordPress Paytium Plugin versions 5.0.2 and below.

  • Update the Paytium plugin to version 5.0.3 or later.
  • Apply the mitigation rule provided by Patchstack if updating is not immediately possible.
  • Enable auto-updates for vulnerable plugins if you are a Patchstack user to ensure ongoing protection.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-56030. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart