[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f4M8GJpvMzNEW6eOBV8Au4l5VJzLDGAYwm0f6-c7EfAo":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":25,"research_verified":26,"research_rounds_completed":27,"research_plan":28,"research_summary":29,"research_vulnerable_code":30,"research_fix_diff":31,"research_exploit_outline":32,"research_model_used":33,"research_started_at":34,"research_completed_at":35,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":26,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":26,"source_links":36},"CVE-2026-32425","payment-gateway-pix-for-givewp-missing-authorization","Payment Gateway Pix For GiveWP \u003C= 2.2.3 - Missing Authorization","The Payment Gateway Pix For GiveWP plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.2.3. This makes it possible for unauthenticated attackers to perform an unauthorized action.","payment-gateway-pix-for-givewp",null,"\u003C=2.2.3","2.2.4","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2026-02-28 00:00:00","2026-04-15 21:17:36",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb9f2be74-fedd-4844-95a4-a84318489e58?source=api-prod",47,[22,23,24],"Admin\u002FPGPFGForGivewpAdmin.php","Admin\u002Fcss\u002Fpgpfg-admin.css","Admin\u002Fjs\u002FPGPFGForGivewpAdminSettings.js","researched",false,3,"# Vulnerability Analysis Report: CVE-2026-32425\n\n## 1. Vulnerability Summary\nThe **Payment Gateway Pix For GiveWP** plugin (versions \u003C= 2.2.3) contains a missing authorization vulnerability within its administrative AJAX handlers. Specifically, functions designed for administrative tasks (such as saving plugin settings or dismissing notifications) are registered without appropriate capability checks (e.g., `current_user_can( 'manage_give_settings' )`). This allows unauthenticated attackers to trigger these actions by sending requests to `wp-admin\u002Fadmin-ajax.php`.\n\n## 2. Attack Vector Analysis\n- **Endpoint:** `wp-admin\u002Fadmin-ajax.php`\n- **Action:** `pgpfg_save_settings` (inferred from typical Link Nacional plugin patterns) or `pgpfg_dismiss_notice`.\n- **Authentication:** None (Unauthenticated). The vulnerability allows `nopriv` access or fails to check capabilities for authenticated users.\n- **Vulnerable Parameter:** `action`, along with setting fields like `lkn-payment-pix-key` or `lkn-payment-pix-environment`.\n- **Severity:** CVSS 5.3 (Medium). While it allows modifying settings, the \"Low\" integrity impact suggests it may be limited to settings that do not facilitate a full site takeover but can redirect donation information (Pix keys).\n\n## 3. Code Flow\n1. **Entry Point:** A request is made to `admin-ajax.php` with `action","The Payment Gateway Pix For GiveWP plugin for WordPress is vulnerable to unauthorized access and settings modification due to missing capability checks on its administrative AJAX handlers in versions up to 2.2.3. This allows unauthenticated attackers to perform administrative actions, such as dismissing plugin notices or potentially modifying Pix payment configuration settings.","\u002F\u002F From Admin\u002Fjs\u002Fpgpfg-admin.js @ 2.2.3\n\n const noticeDiv = document.createElement('div')\n noticeDiv.className = 'notice notice-info is-dismissible pgpfg-notice'\n noticeDiv.innerHTML = '\u003Cp>' + __('GiveWP Pix: You can receive donations with the help of various payment gateways. Access the settings to configure.', 'payment-gateway-pix-for-givewp') + ' \u003Ca href=\"' + wpApiSettings.root.replace('\u002Fwp-json\u002F', '\u002Fwp-admin\u002Fedit.php?post_type=give_forms&page=give-settings&tab=gateways§ion=lkn-payment-pix') + '\">' + __('Settings', 'payment-gateway-pix-for-givewp') + '\u003C\u002Fa>\u003C\u002Fp>'\n\n noticeDiv.querySelector('.notice-dismiss').onclick = function () {\n jQuery.ajax({\n url: ajaxurl,\n method: 'POST',\n data: {\n action: 'pgpfg_dismiss_notice'\n }\n })\n }","diff -ru \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fpayment-gateway-pix-for-givewp\u002F2.2.3\u002FAdmin\u002Fcss\u002Fpgpfg-admin.css \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fpayment-gateway-pix-for-givewp\u002F2.2.4\u002FAdmin\u002Fcss\u002Fpgpfg-admin.css\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fpayment-gateway-pix-for-givewp\u002F2.2.3\u002FAdmin\u002Fcss\u002Fpgpfg-admin.css\t2025-08-29 12:39:22.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fpayment-gateway-pix-for-givewp\u002F2.2.4\u002FAdmin\u002Fcss\u002Fpgpfg-admin.css\t2026-02-18 15:15:38.000000000 +0000\n@@ -34,12 +34,6 @@\n display: none;\n }\n \n-.PGPFGForGivewpAdminSettingsDiv tr {\n- \u002F*padding: 10px 14px;*\u002F\n- \u002F*margin: auto;*\u002F\n- max-width: 850px;\n-}\n-\n .PGPFGForGivewpAdminSettingsDiv td {\n background-color: #fff;\n display: flex;\n@@ -54,13 +48,15 @@\n align-items: center;\n }\n \n-.PGPFGForGivewpAdminSettingsDiv td label {\n+.PGPFGForGivewpAdminSettingsDiv td label,\n+.PGPFGForGivewpAdminSettingsDiv td div.lkn-pix-subtitle {\n font-weight: bold;\n font-size: 16px;\n margin: 3px 4px;\n }\n \n-.PGPFGForGivewpAdminSettingsDiv td label.lkn-pix-subtitle p {\n+.PGPFGForGivewpAdminSettingsDiv td label.lkn-pix-subtitle,\n+.PGPFGForGivewpAdminSettingsDiv td div.lkn-pix-subtitle p {\n color: rgb(60, 67, 74);\n font-weight: 400;\n margin: 0px !important;\n... (truncated)","An attacker can exploit this vulnerability by sending an unauthenticated POST request to the WordPress AJAX endpoint (`\u002Fwp-admin\u002Fadmin-ajax.php`). By specifying the `action` parameter as `pgpfg_dismiss_notice` or `pgpfg_save_settings`, the attacker can trigger the corresponding PHP callback functions. Since these functions lack `current_user_can()` checks and the hooks may be registered for unauthenticated users (via `wp_ajax_nopriv_`), the attacker can modify plugin state or configuration—such as changing the Pix key to redirect donations—without needing any administrative privileges.","gemini-3-flash-preview","2026-04-18 22:20:11","2026-04-18 22:21:52",{"type":37,"vulnerable_version":38,"fixed_version":11,"vulnerable_browse":39,"vulnerable_zip":40,"fixed_browse":41,"fixed_zip":42,"all_tags":43},"plugin","2.2.3","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fpayment-gateway-pix-for-givewp\u002Ftags\u002F2.2.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpayment-gateway-pix-for-givewp.2.2.3.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fpayment-gateway-pix-for-givewp\u002Ftags\u002F2.2.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpayment-gateway-pix-for-givewp.2.2.4.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fpayment-gateway-pix-for-givewp\u002Ftags"]