CVE-2026-39682
Received Received - Intake
Missing Authorization in linkPizza-Manager Allows Unauthorized Access

Publication date: 2026-04-08

Last updated on: 2026-04-29

Assigner: Patchstack

Description
Missing Authorization vulnerability in Arjan Pronk linkPizza-Manager linkpizza-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects linkPizza-Manager: from n/a through <= 5.5.5.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-08
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-08
EPSS Evaluated
2026-06-15
NVD
CVE-2026-39682
EUVD
EUVD-2026-20367
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
arjan_pronk linkpizza_manager to 5.5.5 (inc)
linkpizza linkpizza_manager to 5.5.5 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-39682 is a Broken Access Control vulnerability in the WordPress linkPizza-Manager Plugin versions up to and including 5.5.5.

This vulnerability arises from missing authorization, authentication, or nonce token checks within certain plugin functions, which allows unauthenticated users to perform actions that normally require higher privileges.

It is classified under the OWASP Top 10 category A1: Broken Access Control.

Compliance Impact

CVE-2026-39682 is a Broken Access Control vulnerability that allows unauthenticated users to perform actions requiring higher privileges due to missing authorization checks in the linkPizza-Manager plugin. Such unauthorized access can potentially lead to exposure or manipulation of sensitive data.

While the vulnerability has a low severity score (CVSS 5.3), exploitation could impact compliance with standards like GDPR or HIPAA if personal or protected health information is accessed or altered without proper authorization.

However, there is no explicit information provided about direct effects on compliance with these regulations in the available resources.

Impact Analysis

This vulnerability allows unauthenticated users to perform privileged actions within the linkPizza-Manager plugin, potentially leading to unauthorized changes or access.

Although the CVSS severity score is 5.3, indicating low severity and priority, it can still be exploited in mass campaigns targeting many websites indiscriminately.

No official patch is currently available, so affected users should update to a non-vulnerable version when released or seek assistance to implement protective measures.

Mitigation Strategies

The vulnerability in linkPizza-Manager plugin versions up to 5.5.5 is due to missing authorization checks allowing unauthenticated users to perform privileged actions.

Since no official patch is currently available, the recommended immediate mitigation is to update the plugin to a non-vulnerable version when it becomes available.

In the meantime, seek assistance from hosting providers or web developers to implement protective measures to restrict unauthorized access.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-39682. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart