Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
4DescriptionCVE.org
Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager anytrack-affiliate-link-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyTrack Affiliate Link Manager: from n/a through <= 1.5.5.
AnalysisAI
Missing authorization in AnyTrack Affiliate Link Manager plugin versions up to 1.5.5 allows unauthenticated remote attackers to modify affiliate link configurations through incorrectly configured access control, affecting data integrity with low exploitation probability despite network-accessible attack surface.
Technical ContextAI
AnyTrack Affiliate Link Manager is a WordPress plugin that manages affiliate link configurations and access control policies. The vulnerability stems from CWE-862 (Missing Authorization), indicating the plugin fails to properly enforce authorization checks before allowing users to perform sensitive operations. The broken access control permits manipulation of affiliate link settings without verifying user privileges, affecting the plugin's security layer that should validate whether a requestor has permission to modify link configurations. This is distinct from authentication bypass-the plugin may accept requests but fails to verify the actor has authorization to perform the requested action.
RemediationAI
Update AnyTrack Affiliate Link Manager to a patched version released after 1.5.5. Verify the update is available through the WordPress plugin dashboard or the Patchstack vulnerability database entry at https://patchstack.com/database/Wordpress/Plugin/anytrack-affiliate-link-manager/vulnerability/wordpress-anytrack-affiliate-link-manager-plugin-1-5-5-broken-access-control-vulnerability. If an immediate patched version is unavailable, temporarily disable the AnyTrack Affiliate Link Manager plugin until the vendor releases a security update, and consider using alternative affiliate link management solutions with verified access control mechanisms.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-20427
GHSA-p42m-95rr-r9wf