Description
Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Related Posts: from n/a through <= 1.9.1.
Published: 2026-03-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a missing authorization flaw in the Ays Pro Advanced Related Posts WordPress plugin. The official description states that the flaw allows exploitation of incorrectly configured access control security levels, permitting an attacker to bypass expected permission checks and potentially access or modify the plugin’s configuration settings. The weakness is identified as CWE‑862: Missing Authorization.

Affected Systems

The affected product is the Ays Pro Advanced Related Posts plugin for WordPress. All releases from the earliest available version up through version 1.9.1 are vulnerable. Any WordPress site that has this plugin in that range is susceptible to the flaw.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity while the EPSS score of less than 1% suggests a low current likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is inferred to be through requests to the plugin’s configuration endpoints or the admin interface, though the official description does not specify the precise path. Exploitation requires reaching a location where the missing authorization check applies, which may involve authenticated or unauthenticated requests depending on the site’s configuration.

Generated by OpenCVE AI on March 19, 2026 at 16:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Advanced Related Posts plugin to any release newer than version 1.9.1
  • If an upgrade cannot be performed immediately, restrict access to the plugin’s configuration area so that only administrators have permission to edit its settings
  • Regularly check the vendor or plugin update channel for new releases or patch notices

Generated by OpenCVE AI on March 19, 2026 at 16:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Ays Pro
Ays Pro advanced Related Posts
Wordpress
Wordpress wordpress
Vendors & Products Ays Pro
Ays Pro advanced Related Posts
Wordpress
Wordpress wordpress

Fri, 13 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Related Posts: from n/a through <= 1.9.1.
Title WordPress Advanced Related Posts plugin <= 1.9.1 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Ays Pro Advanced Related Posts
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:15:52.124Z

Reserved: 2026-03-12T11:10:25.225Z

Link: CVE-2026-32329

cve-icon Vulnrichment

Updated: 2026-03-13T18:44:14.440Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:54:43.230

Modified: 2026-03-16T14:54:11.293

Link: CVE-2026-32329

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T09:59:24Z

Weaknesses