Description
Missing Authorization vulnerability in tuyennv Music Press Pro music-press-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Music Press Pro: from n/a through <= 1.4.6.
Published: 2025-03-24
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw that allows an attacker to leverage incorrectly configured access control security levels within the Music Press Pro plugin. Without proper checks, a user can execute privileged plugin actions beyond their intended permissions, potentially accessing and manipulating content or settings that should be restricted.

Affected Systems

The issue affects the Music Press Pro plugin for WordPress, distributed by tuyennv. Versions from the earliest available up to and including 1.4.6 are vulnerable; any installation running those releases is at risk.

Risk and Exploitability

The CVSS base score of 5.3 indicates moderate risk. The EPSS score of less than 1% suggests a very low likelihood of exploitation at the time of analysis, and the vulnerability is not listed in the CISA KEV catalog. The attack likely occurs over the web interface, may require authenticated access, and exploits the absence of proper authorization checks; the exact conditions are inferred from the description.

Generated by OpenCVE AI on May 1, 2026 at 04:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Music Press Pro plugin to version 1.4.7 or later where the access control issue is fixed.
  • Ensure that only administrator‑level users can access the plugin’s settings and management screens by configuring WordPress role capabilities.
  • If an immediate update is not possible, temporarily restrict the plugin’s functionality to administrators by using a role‑based access control plugin or custom code.
  • Continuously monitor the site for unauthorized access attempts or abnormal plugin usage patterns.

Advisories
Source: EUVD
ID: EUVD-2025-7934
Title: Missing Authorization vulnerability in tuyennv Music Press Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Music Press Pro: from n/a through 1.4.6.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Values Removed: Missing Authorization vulnerability in tuyennv Music Press Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Music Press Pro: from n/a through 1.4.6.
  Values Added: Missing Authorization vulnerability in tuyennv Music Press Pro music-press-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Music Press Pro: from n/a through <= 1.4.6.
Title
  Values Removed: WordPress Music Press Pro - <= <= 1.4.6 Broken Access Control Vulnerability
  Values Added: WordPress Music Press Pro plugin <= 1.4.6 Broken Access Control Vulnerability
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


Tue, 25 Mar 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 24 Mar 2025 14:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in tuyennv Music Press Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Music Press Pro: from n/a through 1.4.6.
Title WordPress Music Press Pro - <= <= 1.4.6 Broken Access Control Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:54.874Z

Reserved: 2025-03-24T13:00:32.064Z

Link: CVE-2025-30591

Vulnrichment

Updated: 2025-03-25T17:48:38.188Z

NVD

Status: Deferred

Published: 2025-03-24T14:15:31.333

Modified: 2026-04-23T15:26:55.867

Link: CVE-2025-30591

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T04:30:08Z

Weaknesses