Description
Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager anytrack-affiliate-link-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AnyTrack Affiliate Link Manager: from n/a through <= 1.5.5.
Published: 2026-04-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Unrestricted access to plugin administrative functions
Action: Immediate Patch
AI Analysis

Impact

The flaw is a missing authorization check that permits untrusted users to access or modify the affiliate link manager. Attackers can alter link properties, inject malicious URLs, or delete existing links. The weakness corresponds to CWE‑862 (Missing Authorization). The consequences are a loss of confidentiality if sensitive link data is accessed, a loss of integrity if links are modified without authorization, or a loss of availability if links are destroyed.

Affected Systems

The vulnerability affects the WordPress plugin AnyTrack Affiliate Link Manager, version 1.5.5 and earlier. All installations of the plugin in a WordPress environment are potentially impacted, regardless of the domain or hosting configuration.

Risk and Exploitability

The CVSS score is not publicly disclosed, and no EPSS value is available, so the exact severity cannot be quantified. Based on the description, it is inferred that the attacker can send crafted requests to the plugin’s admin endpoints without proper authentication, thereby exploiting the flaw. This results in high risk due to potential widespread abuse if the site’s admin interface is not adequately protected.

Generated by OpenCVE AI on April 8, 2026 at 10:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update AnyTrack Affiliate Link Manager to version 1.5.6 or later as soon as possible.
  • If an update is not yet available, remove or deactivate the plugin until a patch is released.
  • Restrict WordPress admin access to trusted personnel using role‑based access controls or IP restrictions.
  • Monitor WordPress admin logs for suspicious activity related to the plugin.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 19:30:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Anytrack; Anytrack anytrack Affiliate Link Manager; Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Removed: (none)
Values Added: Anytrack; Anytrack anytrack Affiliate Link Manager; Wordpress; Wordpress wordpress

Wed, 08 Apr 2026 08:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager anytrack-affiliate-link-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AnyTrack Affiliate Link Manager: from n/a through <= 1.5.5.

Type: Title
Values Removed: (none)
Values Added: WordPress AnyTrack Affiliate Link Manager plugin <= 1.5.5 - Broken Access Control vulnerability

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-862

Type: References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-08T08:30:49.638Z

Reserved: 2026-04-07T10:58:29.177Z

Link: CVE-2026-39715

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-04-08T09:16:44.533

Modified: 2026-04-08T21:26:13.410

Link: CVE-2026-39715

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T19:40:01Z

Weaknesses