Skip to main content

Linkpizza Manager CVE-2026-39682

| EUVDEUVD-2026-20367 MEDIUM
Missing Authorization (CWE-862)
2026-04-08 Patchstack GHSA-3w63-gvhp-2wgh
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Apr 08, 2026 - 08:45 euvd
EUVD-2026-20367
Analysis Generated
Apr 08, 2026 - 08:45 vuln.today
CVE Published
Apr 08, 2026 - 08:30 nvd
MEDIUM 5.3

DescriptionCVE.org

Missing Authorization vulnerability in Arjan Pronk linkPizza-Manager linkpizza-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects linkPizza-Manager: from n/a through <= 5.5.5.

AnalysisAI

Unauthenticated remote attackers can access sensitive information in linkPizza-Manager WordPress plugin through incorrectly configured access controls that fail to enforce proper authorization checks. The vulnerability affects linkPizza-Manager versions up to 5.5.5 and allows an unauthenticated attacker to obtain partial confidentiality impact with no modification or availability impact. No public exploit code has been identified at time of analysis.

Technical ContextAI

The vulnerability stems from a Missing Authorization flaw (CWE-862) in the linkPizza-Manager WordPress plugin, which fails to properly enforce access control security levels. The plugin does not adequately validate whether a user has the required permissions before allowing access to sensitive functionality or data. This is a common class of vulnerability in web applications where authorization checks are either absent or improperly implemented, allowing attackers to bypass intended access restrictions. The issue is classified as 'Incorrectly Configured Access Control Security Levels', indicating that the authorization controls exist but are misconfigured rather than completely absent. The affected product is identified via CPE as the linkPizza-Manager application spanning versions from initial release through version 5.5.5.

RemediationAI

Organizations should upgrade linkPizza-Manager to a version newer than 5.5.5 as soon as a patched release becomes available from the plugin developer. Users should verify the latest version on the official plugin repository and apply updates promptly. Until a patched version is released, administrators should restrict access to the plugin's functionality through WordPress role and capability management, limiting access to trusted administrators only. For detailed advisory information and current patch status, refer to the Patchstack vulnerability database entry at https://patchstack.com/database/Wordpress/Plugin/linkpizza-manager/vulnerability/wordpress-linkpizza-manager-plugin-5-5-5-broken-access-control-vulnerability and the NVD record at https://nvd.nist.gov/vuln/detail/CVE-2026-39682.

Share

CVE-2026-39682 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy