CVE-2026-39706
Received Received - Intake
Missing Authorization in Netro Systems Make My Trivia

Publication date: 2026-04-08

Last updated on: 2026-04-29

Assigner: Patchstack

Description
Missing Authorization vulnerability in Netro Systems Make My Trivia trivialy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Make My Trivia: from n/a through <= 1.1.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-08
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-08
EPSS Evaluated
2026-06-15
NVD
CVE-2026-39706
EUVD
EUVD-2026-20412
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
netro_systems make_my_trivia to 1.1.0 (inc)
netro_systems make_my_trivia From 1.0.0 (inc) to 1.1.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-39706 is a Broken Access Control vulnerability in the WordPress plugin "Make My Trivia" versions up to and including 1.1.0.

This vulnerability arises from missing authorization, authentication, or nonce token checks within certain plugin functions, which allows unauthenticated users to perform actions that normally require higher privileges.

It falls under the OWASP Top 10 category A1: Broken Access Control.

Impact Analysis

Because the vulnerability allows unauthenticated users to perform privileged actions, attackers could exploit it to manipulate or access parts of the plugin or website that should be restricted.

Although the CVSS severity score is 5.3, indicating low severity and low priority, there is a risk of mass-exploit campaigns targeting many websites indiscriminately.

Immediate mitigation involves updating the affected plugin or seeking assistance from hosting providers or web developers if an update is not possible.

Mitigation Strategies

The immediate mitigation involves updating the affected Make My Trivia plugin to a version newer than 1.1.0 if available.

If updating the plugin is not possible, users are advised to seek assistance from their hosting provider or web developer to implement appropriate access control measures.

Since no official patch is currently available, ongoing security intelligence and mitigation services from Patchstack may be helpful.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-39706. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart