CVE-2026-56030

Paytium · Paytium

A critical privilege escalation vulnerability in the Paytium WordPress plugin allows unauthenticated remote attackers to obtain administrator privileges on the affected site.

Executive summary

The Paytium plugin for WordPress contains a privilege escalation vulnerability that is reachable without authentication and gives an attacker full administrative control over the affected site.

Vulnerability

The vulnerability stems from a missing authorization check: plugin functionality that should be restricted to privileged users can be reached without valid credentials, and an attacker who reaches it can obtain administrator-level access to the site. The advisory does not identify the affected endpoint or the affected version range, so treat every installed version as vulnerable until the vendor's fix is confirmed to be in place.

Business impact

The CVSS base score of 9.8 (Critical) reflects that exploitation requires no authentication and yields complete control of the site, including payment-related data and all site settings. Successful exploitation could result in significant financial and reputational damage, particularly given the plugin's role in handling payment transactions.

Remediation

Immediate Action: Apply the latest security update provided by Paytium to address the privilege escalation vulnerability.

Proactive Monitoring: Review user accounts and audit logs for newly created administrator accounts, existing accounts whose role changed to administrator, and administrator sessions from unfamiliar addresses. Compare the current administrator list against a known-good baseline rather than relying on memory.

Compensating Controls: Keep a WAF active to filter malicious traffic. Because the advisory does not name the vulnerable interface, WAF rules can only be generic and are a stopgap, not a substitute for applying the vendor's update.
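
The baseline comparison described above, as an added example that is not part of this advisory and not code from the Paytium project. It parses the CSV that `wp user list --role=administrator --format=csv --fields=ID,user_login,user_email,user_registered` prints, and flags any administrator that is absent from a known-good baseline or was registered on or after a cutoff date. The sample CSV, the baseline logins and the cutoff are constructed for the example.

```python
"""Baseline check for unexpected WordPress administrator accounts.

Added example, not from the advisory or the Paytium project. Input is the
CSV produced by:

    wp user list --role=administrator --format=csv \
        --fields=ID,user_login,user_email,user_registered

WordPress stores user_registered in GMT as YYYY-MM-DD HH:MM:SS.
"""
import csv
import io
from datetime import datetime, timezone

# Constructed sample output of the wp-cli command above (not from a real site).
SAMPLE_WP_USER_LIST = """ID,user_login,user_email,user_registered
1,siteowner,owner@example.com,2021-03-14 09:12:00
7,finance_admin,finance@example.com,2022-11-02 15:40:31
42,wp_support_tmp,mail@example.net,2026-01-19 03:05:44
"""

# Hypothetical known-good set of administrator logins. In practice keep this
# under version control and review every change to it.
KNOWN_ADMINS = {"siteowner", "finance_admin"}

# Hypothetical cutoff: earliest date from which exploitation is considered
# plausible (for example the plugin's install date or the disclosure date).
DEFAULT_CUTOFF = datetime(2026, 1, 1, tzinfo=timezone.utc)


def parse_wp_user_csv(csv_text):
    """Return one dict per CSV row, with user_registered as an aware UTC datetime."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        row["user_registered"] = registered.replace(tzinfo=timezone.utc)
        rows.append(row)
    return rows


def find_unexpected_admins(csv_text, known_admins, since):
    """Flag administrators not in the baseline or registered on/after `since`.

    An existing low-privilege account that was elevated to administrator shows
    up here too: it appears in the admin list but not in the baseline.
    """
    findings = []
    for row in parse_wp_user_csv(csv_text):
        reasons = []
        if row["user_login"] not in known_admins:
            reasons.append("not in admin baseline")
        if row["user_registered"] >= since:
            reasons.append("registered after cutoff")
        if reasons:
            findings.append({
                "ID": row["ID"],
                "user_login": row["user_login"],
                "user_email": row["user_email"],
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in find_unexpected_admins(SAMPLE_WP_USER_LIST, KNOWN_ADMINS, DEFAULT_CUTOFF):
        print(f"user {f['ID']} ({f['user_login']}, {f['user_email']}): "
              + ", ".join(f["reasons"]))
```

Run it against the real command output (`wp user list ... > admins.csv`, then feed the file contents to `find_unexpected_admins`) on every site that had the plugin installed, and investigate each finding before removing the account, since the attacker may also have added backdoors, changed site settings, or rotated credentials.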

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

This vulnerability presents an unacceptable risk to business continuity and data security. Organizations using Paytium should treat the vendor's update as their highest priority, patch every affected instance immediately, and then verify that no unauthorized administrator accounts or role changes were introduced before the patch was applied.