Description
Missing Authorization vulnerability in Arjan Pronk linkPizza-Manager linkpizza-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects linkPizza-Manager: from n/a through <= 5.5.5.
Published: 2026-04-08
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access to privileged actions
Action: Patch Immediately
AI Analysis

Impact

This vulnerability is a missing authorization flaw in the Arjan Pronk linkPizza‑Manager WordPress plugin that allows an attacker to exploit incorrectly configured access control security levels. Because the plugin does not validate user permissions properly, an attacker can invoke administrative or protected functionality intended only for authorized users. The consequence is that data or settings managed by the plugin could be read, altered, or deleted, compromising the integrity and confidentiality of the site content.

Affected Systems

The issue impacts the linkPizza‑Manager plugin distributed by Arjan Pronk for WordPress platforms. All installations of the plugin with versions up to and including 5.5.5 are affected. No other WordPress plugins or core software are listed as affected.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity. The EPSS score of less than 1% reflects a low probability of exploitation in the wild, and the vulnerability is not present in the CISA KEV list. Based on the description, it is inferred that the attack vector is through the web interface of the affected plugin, where a user—authenticated or potentially unauthenticated—could trigger privileged operations without proper checks. The exploit would require basic knowledge of the plugin’s administrative URLs or form submissions, making it relatively easy to conduct in a susceptible environment.

Generated by OpenCVE AI on April 8, 2026 at 16:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the linkPizza‑Manager plugin to the latest released version (5.5.6 or newer).
  • If an update is not immediately available, deactivate or uninstall the plugin until a patch is released.
  • Verify that all other plugins and WordPress core are updated to the latest stable releases.
  • Monitor site logs for any unauthorized or anomalous activity related to the plugin’s functionality.



Advisories

No advisories yet.

History

Wed, 08 Apr 2026 19:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Arjan Pronk; Arjan Pronk linkpizza-manager; Wordpress; Wordpress wordpress |
| Vendors & Products | | Arjan Pronk; Arjan Pronk linkpizza-manager; Wordpress; Wordpress wordpress |

Wed, 08 Apr 2026 15:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'} |
| | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 08 Apr 2026 08:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Missing Authorization vulnerability in Arjan Pronk linkPizza-Manager linkpizza-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects linkPizza-Manager: from n/a through <= 5.5.5. |
| Title | | WordPress linkPizza-Manager plugin <= 5.5.5 - Broken Access Control vulnerability |
| Weaknesses | | CWE-862 |
| References | | |

Subscriptions

Arjan Pronk Linkpizza-manager
Wordpress Wordpress

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-08T15:06:59.550Z

Reserved: 2026-04-07T10:58:05.155Z

Link: CVE-2026-39682

Vulnrichment

Updated: 2026-04-08T15:06:32.832Z

NVD

Status: Awaiting Analysis

Published: 2026-04-08T09:16:40.003

Modified: 2026-04-08T21:26:13.410

Link: CVE-2026-39682

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T19:40:38Z

Weaknesses