CVE-2026-39704
Missing Authorization in Precious Metals Automated Pricing Pro
Publication date: 2026-04-08
Last updated on: 2026-04-29
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nfusionsolutions | precious_metals_automated_product_pricing_pro | to 4.0.5 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-39704 is a Broken Access Control vulnerability in the WordPress plugin "Precious Metals Automated Product Pricing β Pro" versions up to and including 4.0.5.
This vulnerability arises from missing authorization, authentication, or nonce token checks, which allows unauthenticated users to perform actions that should be restricted to higher privileged users.
It is classified as an OWASP Top 10 A1 vulnerability, indicating a critical security weakness related to access control.
How can this vulnerability impact me? :
This vulnerability allows unauthorized users to perform privileged actions within the affected plugin, potentially leading to unauthorized changes or access to sensitive functionality.
However, the CVSS severity score is 5.3, indicating a low priority threat with limited impact and it is unlikely to be widely exploited.
No official patch is currently available, so immediate mitigation involves updating the plugin if possible or seeking assistance from hosting providers or web developers.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a Broken Access Control issue in the WordPress plugin "Precious Metals Automated Product Pricing β Pro" up to version 4.0.5, where missing authorization allows unauthorized actions.
No specific detection commands or network/system scanning instructions are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves updating the affected plugin to a fixed version if available.
Since no official patch is currently available, users are advised to seek assistance from their hosting provider or web developer to implement temporary access controls or other protective measures.
Rapid vulnerability mitigation and ongoing security intelligence services are recommended to manage this and similar WordPress plugin security issues.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability is a Broken Access Control issue allowing unauthorized actions by unauthenticated users, which could potentially lead to unauthorized access to sensitive data or functionality.
Such unauthorized access risks may impact compliance with standards and regulations like GDPR or HIPAA, which require strict access controls to protect personal and sensitive information.
However, the provided information does not explicitly describe the direct effects of this vulnerability on compliance with these regulations.