CVE-2026-39686
Information Exposure in BSK PDF Manager Allows Sensitive Data Retrieval
Publication date: 2026-04-08
Last updated on: 2026-04-29
Assigner: Patchstack
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bannersky | bsk_pdf_manager | up to and including 3.7.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-497 | The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-39686 is a vulnerability in the WordPress BSK PDF Manager Plugin versions up to and including 3.7.2 that allows unauthenticated attackers to access sensitive information that is normally restricted from regular users.
This issue is classified as Sensitive Data Exposure and falls under the OWASP Top 10 category A3. It requires no privileges to exploit, meaning anyone can potentially retrieve embedded sensitive data from the system.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized exposure of sensitive system information, which could be leveraged by attackers to further exploit other system weaknesses.
Although the severity is rated as low with a CVSS score of 5.3, it can be used in mass-exploit campaigns targeting many websites regardless of their traffic or popularity.
If exploited, this could compromise the confidentiality of sensitive data and potentially lead to additional security breaches.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves updating the affected BSK PDF Manager plugin to a version later than 3.7.2.
If updating is not possible, users are advised to seek assistance from their hosting provider or web developer to implement protective measures.
Rapid mitigation is emphasized to protect affected WordPress sites from sensitive data exposure and potential further exploitation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in BSK PDF Manager allows unauthorized access to sensitive information, which can lead to exposure of data that should be protected under regulations such as GDPR and HIPAA.
Exposure of sensitive data can result in non-compliance with these standards, as they require strict controls to prevent unauthorized access to personal or protected health information.
Although the severity is rated as low, the vulnerability falls under the OWASP Top 10 category A3: Sensitive Data Exposure, highlighting the risk of data breaches that could impact regulatory compliance.
Organizations using the affected plugin should prioritize mitigation to avoid potential violations of data protection laws and regulations.