Skip to main content

Make My Trivia EUVDEUVD-2026-20412

| CVE-2026-39706 MEDIUM
Missing Authorization (CWE-862)
2026-04-08 Patchstack GHSA-q67g-jvcc-rpxx
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Apr 08, 2026 - 08:45 euvd
EUVD-2026-20412
Analysis Generated
Apr 08, 2026 - 08:45 vuln.today
CVE Published
Apr 08, 2026 - 08:30 nvd
MEDIUM 5.3

DescriptionCVE.org

Missing Authorization vulnerability in Netro Systems Make My Trivia trivialy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Make My Trivia: from n/a through <= 1.1.0.

AnalysisAI

Netro Systems Make My Trivia plugin through version 1.1.0 fails to properly enforce access controls, allowing unauthenticated remote attackers to read sensitive information by exploiting incorrectly configured security levels. This missing authorization vulnerability (CWE-862) has a CVSS base score of 5.3 with low real-world exploitation risk (EPSS 0.02%, CISA SSVC exploitation status 'none') despite being automatable, suggesting the flaw requires specific misconfiguration to be exploitable in practice.

Technical ContextAI

The vulnerability stems from broken access control in a WordPress plugin, affecting the Netro Systems Make My Trivia plugin (CPE: cpe:2.3:a:netro_systems:make_my_trivia:*:*:*:*:*:*:*:*). CWE-862 (Missing Authorization) indicates the application fails to validate whether a user is authorized to access specific resources or functions. The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) shows the attack is network-exploitable without authentication, credentials, or user interaction, but with low complexity - however, the description specifies 'Incorrectly Configured Access Control Security Levels,' implying the vulnerability manifests under non-default or misconfigured deployments rather than in stock installations. The plugin runs within WordPress's permission model, where proper integration with WordPress role-based access controls (admin, editor, author, contributor, subscriber) is critical.

RemediationAI

Update Netro Systems Make My Trivia plugin to a patched version above 1.1.0 immediately. Review and correct access control configurations in WordPress settings and plugin options to ensure only intended user roles can access trivia content and administrative functions. Verify WordPress role assignments and verify that the plugin correctly respects the PR:N (unauthenticated) and C:L (confidentiality) scope of the flaw by auditing user role permissions in WordPress admin panel (Users > Roles and Capabilities). Consult the Patchstack advisory and NVD entry (https://nvd.nist.gov/vuln/detail/CVE-2026-39706) for plugin-specific configuration guidance from the vendor.

Share

EUVD-2026-20412 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy