Frisbii Pay is susceptible to a privilege escalation vulnerability that enables authenticated contributors to gain administrative access, posing a severe risk to system integrity.

The vulnerability stems from insufficient access control enforcement within the Frisbii Pay plugin. An attacker with a low-privileged "contributor" account can bypass existing security checks to perform unauthorized administrative functions.

The ability for a contributor to escalate privileges to an administrator level directly threatens the security of the payment processing environment. With an 8.8 CVSS score, this vulnerability could facilitate unauthorized financial transactions, data theft, or complete site takeover, causing significant financial and operational impact.

Immediate Action: Apply the vendor-supplied patch to the Frisbii Pay plugin immediately upon release.

Proactive Monitoring: Monitor system logs for unauthorized attempts to access administrative functions by non-administrative user roles.

Compensating Controls: Utilize a Web Application Firewall (WAF) to restrict access to sensitive administrative URL paths and monitor for anomalous request patterns.

Public Exploit Available: false

Immediate action is necessary to address this high-severity vulnerability. Security teams must ensure the plugin is updated to the latest version and perform a comprehensive audit of all administrative user accounts to ensure no unauthorized escalation has already occurred.