Description
Missing Authorization vulnerability in Nebojsa Target Video Easy Publish brid-video-easy-publish.This issue affects Target Video Easy Publish: from n/a through <= 3.8.9.
Published: 2025-09-09
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerable Target Video Easy Publish plugin for WordPress contains a missing authorization flaw that allows an attacker to execute arbitrary code when interacting with the plugin’s shortcode functionality. The flaw stems from inadequate checks for user permissions before processing shortcode requests, enabling attackers to inject malicious code into the site’s content. This weakness is identified as CWE-862: Missing Authorization.

Affected Systems

WordPress sites that have the Target Video Easy Publish plugin from Nebojsa installed and running any version equal to or older than 3.8.9 are affected. No additional version details are provided beyond the stated upper bound.

Risk and Exploitability

The vulnerability carries a CVSS score of 5.4, indicating moderate severity, and an EPSS score of less than 1%, suggesting low probability of exploitation. It is not listed in the CISA KEV catalog. Likely attack vectors involve attackers who can add or edit content on the site, exploiting the missing authorization check during shortcode processing. The risk level is moderate but mitigatable with appropriate patching or configuration changes.

Generated by OpenCVE AI on April 30, 2026 at 15:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Target Video Easy Publish plugin to the latest version that addresses the authorization issue; if no update is available, consider decommissioning the plugin.
  • Restrict the use of shortcode functionality to users with administrative privileges, enforcing proper authorization checks on all content-modifying actions.
  • Disable or remove the plugin on sites where it is not required, and ensure that any remaining use follows the principle of least privilege.

Generated by OpenCVE AI on April 30, 2026 at 15:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-27446 Missing Authorization vulnerability in Sovica Target Video Easy Publish. This issue affects Target Video Easy Publish: from n/a through 3.8.8.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Sovica Target Video Easy Publish. This issue affects Target Video Easy Publish: from n/a through 3.8.8. Missing Authorization vulnerability in Nebojsa Target Video Easy Publish brid-video-easy-publish.This issue affects Target Video Easy Publish: from n/a through <= 3.8.9.
Title WordPress Target Video Easy Publish plugin <= 3.8.8 - Arbitrary Shortcode Execution vulnerability WordPress Target Video Easy Publish plugin <= 3.8.9 - Arbitrary Code Execution vulnerability
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}

Tue, 09 Sep 2025 23:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Sep 2025 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Sovica
Sovica target Video Easy Publish
Wordpress
Wordpress wordpress
Vendors & Products Sovica
Sovica target Video Easy Publish
Wordpress
Wordpress wordpress

Tue, 09 Sep 2025 16:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Sovica Target Video Easy Publish. This issue affects Target Video Easy Publish: from n/a through 3.8.8.
Title WordPress Target Video Easy Publish plugin <= 3.8.8 - Arbitrary Shortcode Execution vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}

Subscriptions

Sovica Target Video Easy Publish
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:28.437Z

Reserved: 2025-04-09T11:21:30.217Z

Link: CVE-2025-32688

cve-icon Vulnrichment

Updated: 2025-09-09T17:49:38.936Z

cve-icon NVD

Status : Deferred

Published: 2025-09-09T17:15:43.243

Modified: 2026-04-23T15:29:21.253

Link: CVE-2025-32688

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T15:30:16Z

Weaknesses