{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-39588", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-04-07T10:48:44.714Z", "datePublished": "2026-04-08T08:30:21.468Z", "dateUpdated": "2026-04-08T08:30:21.468Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "nm-gift-registry-and-wishlist-lite", "product": "NM Gift Registry and Wishlist Lite", "vendor": "nmerii", "versions": [{"changes": [{"at": "5.14", "status": "unaffected"}], "lessThanOrEqual": "5.13", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Legion Hunter | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-08T10:28:55.480Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in nmerii NM Gift Registry and Wishlist Lite nm-gift-registry-and-wishlist-lite allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects NM Gift Registry and Wishlist Lite: from n/a through <= 5.13.</p>"}], "value": "Missing Authorization vulnerability in nmerii NM Gift Registry and Wishlist Lite nm-gift-registry-and-wishlist-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NM Gift Registry and Wishlist Lite: from n/a through <= 5.13."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-08T08:30:21.468Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/nm-gift-registry-and-wishlist-lite/vulnerability/wordpress-nm-gift-registry-and-wishlist-lite-plugin-5-13-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress NM Gift Registry and Wishlist Lite plugin <= 5.13 - Broken Access Control vulnerability"}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in nmerii NM Gift Registry and Wishlist Lite nm-gift-registry-and-wishlist-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NM Gift Registry and Wishlist Lite: from n/a through <= 5.13."}], "id": "CVE-2026-39588", "lastModified": "2026-04-08T21:26:35.910", "metrics": {}, "published": "2026-04-08T09:16:29.063", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/nm-gift-registry-and-wishlist-lite/vulnerability/wordpress-nm-gift-registry-and-wishlist-lite-plugin-5-13-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,5.13]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "NM Gift Registry and Wishlist Lite", "source": "cna", "vendor": "nmerii"}, "product": "nm_gift_registry_and_wishlist_lite", "vendor": "nmerii"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-08T11:08:06.945041+00:00", "value": {"mitigation_remediation": ["Update the NM Gift Registry and Wishlist Lite plugin to a version newer than 5.13."], "summary": {"action": "Update", "impact": "Unauthorized Access"}, "threat_synthesis": {"affected_systems": "The affected product is the NM Gift Registry and Wishlist Lite plugin developed by nmerii. Versions up to and including 5.13 are vulnerable. No additional vendor or version details are disclosed beyond this upper bound. Any WordPress site running the plugin in this range is impacted.", "description_and_impact": "This vulnerability is a missing authorization flaw in the NM Gift Registry and Wishlist Lite WordPress plugin. Because the plugin does not enforce proper access control, any visitor can reach protected functionality without authentication. The weakness allows an attacker to read or modify registry and wishlist records that may contain personal or sensitive user information. The flaw is classified as a breach of access control (CWE\u2011862).", "risk_and_exploitability": "The publicly available severity and exploit probability metrics are not disclosed, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is through the plugin\u2019s web interfaces, enabling an unauthenticated user to access administrative pages or data. The risk is moderate to high if the plugin stores personal data, as an attacker could read, modify, or delete registry entries without permission."}}}}, "created": "2026-04-08T19:29:59.753968+00:00", "updated": "2026-04-08T19:42:18.611875+00:00", "vendors": ["nmerii", "nmerii$PRODUCT$nm_gift_registry_and_wishlist_lite", "wordpress", "wordpress$PRODUCT$wordpress"]}