Skip to main content

Anytrack Affiliate Link Manager EUVDEUVD-2026-20427

| CVE-2026-39715 MEDIUM
Missing Authorization (CWE-862)
2026-04-08 Patchstack GHSA-p42m-95rr-r9wf
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

4
Analysis Generated
Apr 15, 2026 - 12:44 vuln.today
CVSS changed
Apr 13, 2026 - 19:37 NVD
5.3 (MEDIUM)
EUVD ID Assigned
Apr 08, 2026 - 08:45 euvd
EUVD-2026-20427
CVE Published
Apr 08, 2026 - 08:30 nvd
N/A

DescriptionCVE.org

Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager anytrack-affiliate-link-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyTrack Affiliate Link Manager: from n/a through <= 1.5.5.

AnalysisAI

Missing authorization in AnyTrack Affiliate Link Manager plugin versions up to 1.5.5 allows unauthenticated remote attackers to modify affiliate link configurations through incorrectly configured access control, affecting data integrity with low exploitation probability despite network-accessible attack surface.

Technical ContextAI

AnyTrack Affiliate Link Manager is a WordPress plugin that manages affiliate link configurations and access control policies. The vulnerability stems from CWE-862 (Missing Authorization), indicating the plugin fails to properly enforce authorization checks before allowing users to perform sensitive operations. The broken access control permits manipulation of affiliate link settings without verifying user privileges, affecting the plugin's security layer that should validate whether a requestor has permission to modify link configurations. This is distinct from authentication bypass-the plugin may accept requests but fails to verify the actor has authorization to perform the requested action.

RemediationAI

Update AnyTrack Affiliate Link Manager to a patched version released after 1.5.5. Verify the update is available through the WordPress plugin dashboard or the Patchstack vulnerability database entry at https://patchstack.com/database/Wordpress/Plugin/anytrack-affiliate-link-manager/vulnerability/wordpress-anytrack-affiliate-link-manager-plugin-1-5-5-broken-access-control-vulnerability. If an immediate patched version is unavailable, temporarily disable the AnyTrack Affiliate Link Manager plugin until the vendor releases a security update, and consider using alternative affiliate link management solutions with verified access control mechanisms.

Share

EUVD-2026-20427 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy