Description
Missing Authorization vulnerability in nmerii NM Gift Registry and Wishlist Lite nm-gift-registry-and-wishlist-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NM Gift Registry and Wishlist Lite: from n/a through <= 5.13.
Published: 2026-04-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Update
AI Analysis

Impact

This vulnerability is a missing authorization flaw in the NM Gift Registry and Wishlist Lite WordPress plugin. Because the plugin does not enforce proper access control, any visitor can reach protected functionality without authentication. The weakness allows an attacker to read or modify registry and wishlist records that may contain personal or sensitive user information. The flaw is classified as a breach of access control (CWE‑862).

Affected Systems

The affected product is the NM Gift Registry and Wishlist Lite plugin developed by nmerii. Versions up to and including 5.13 are vulnerable. No additional vendor or version details are disclosed beyond this upper bound. Any WordPress site running the plugin in this range is impacted.

Risk and Exploitability

The publicly available severity and exploit probability metrics are not disclosed, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is through the plugin’s web interfaces, enabling an unauthenticated user to access administrative pages or data. The risk is moderate to high if the plugin stores personal data, as an attacker could read, modify, or delete registry entries without permission.

Generated by OpenCVE AI on April 8, 2026 at 11:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the NM Gift Registry and Wishlist Lite plugin to a version newer than 5.13.

Generated by OpenCVE AI on April 8, 2026 at 11:08 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Nmerii
Nmerii nm Gift Registry And Wishlist Lite
Wordpress
Wordpress wordpress
Vendors & Products Nmerii
Nmerii nm Gift Registry And Wishlist Lite
Wordpress
Wordpress wordpress

Wed, 08 Apr 2026 08:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in nmerii NM Gift Registry and Wishlist Lite nm-gift-registry-and-wishlist-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NM Gift Registry and Wishlist Lite: from n/a through <= 5.13.
Title WordPress NM Gift Registry and Wishlist Lite plugin <= 5.13 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Nmerii Nm Gift Registry And Wishlist Lite
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-08T08:30:21.468Z

Reserved: 2026-04-07T10:48:44.714Z

Link: CVE-2026-39588

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-08T09:16:29.063

Modified: 2026-04-08T21:26:35.910

Link: CVE-2026-39588

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:42:18Z

Weaknesses