CVE-2026-39704
Received Received - Intake
Missing Authorization in Precious Metals Automated Pricing Pro

Publication date: 2026-04-08

Last updated on: 2026-04-29

Assigner: Patchstack

Description
Missing Authorization vulnerability in nfusionsolutions Precious Metals Automated Product Pricing – Pro precious-metals-automated-product-pricing-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Precious Metals Automated Product Pricing – Pro: from n/a through <= 4.0.5.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-08
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-08
EPSS Evaluated
2026-06-15
NVD
CVE-2026-39704
EUVD
EUVD-2026-20408
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nfusionsolutions precious_metals_automated_product_pricing_pro to 4.0.5 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-39704 is a Broken Access Control vulnerability in the WordPress plugin "Precious Metals Automated Product Pricing – Pro" versions up to and including 4.0.5.

This vulnerability arises from missing authorization, authentication, or nonce token checks, which allows unauthenticated users to perform actions that should be restricted to higher privileged users.

It is classified as an OWASP Top 10 A1 vulnerability, indicating a critical security weakness related to access control.

Impact Analysis

This vulnerability allows unauthorized users to perform privileged actions within the affected plugin, potentially leading to unauthorized changes or access to sensitive functionality.

However, the CVSS severity score is 5.3, indicating a low priority threat with limited impact and it is unlikely to be widely exploited.

No official patch is currently available, so immediate mitigation involves updating the plugin if possible or seeking assistance from hosting providers or web developers.

Detection Guidance

This vulnerability is a Broken Access Control issue in the WordPress plugin "Precious Metals Automated Product Pricing – Pro" up to version 4.0.5, where missing authorization allows unauthorized actions.

No specific detection commands or network/system scanning instructions are provided in the available resources.

Compliance Impact

The vulnerability is a Broken Access Control issue allowing unauthorized actions by unauthenticated users, which could potentially lead to unauthorized access to sensitive data or functionality.

Such unauthorized access risks may impact compliance with standards and regulations like GDPR or HIPAA, which require strict access controls to protect personal and sensitive information.

However, the provided information does not explicitly describe the direct effects of this vulnerability on compliance with these regulations.

Mitigation Strategies

Immediate mitigation involves updating the affected plugin to a fixed version if available.

Since no official patch is currently available, users are advised to seek assistance from their hosting provider or web developer to implement temporary access controls or other protective measures.

Rapid vulnerability mitigation and ongoing security intelligence services are recommended to manage this and similar WordPress plugin security issues.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-39704. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart