Description
Missing Authorization vulnerability in MadrasThemes MAS Videos masvideos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAS Videos: from n/a through <= 1.3.2.
Published: 2026-03-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Broken Access Control
Action: Apply Patch
AI Analysis

Impact

MadrasThemes MAS Videos plugin versions up to 1.3.2 contains a missing authorization flaw that allows attackers to exploit incorrectly configured access control security levels. The vulnerability enables unauthorized users to bypass intended access restrictions, potentially accessing or manipulating the plugin’s data and functionality. This weakness is classified as CWE-862, which denotes a missing authorization flaw.

Affected Systems

The affected systems are installations of the MAS Videos WordPress plugin developed by MadrasThemes, specifically any version from the earliest available through 1.3.2. No specific minor versions are listed beyond the upper bound.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity rating. However, the EPSS score of less than 1 percent suggests that exploitation is currently unlikely. The vulnerability is not present in the CISA KEV catalog. The attack vector is not explicitly defined in the report; based on the nature of the flaw (missing authorization in a WordPress plugin), the likely vector is remote via the web interface, but this is inferred and not directly cited.

Generated by OpenCVE AI on March 19, 2026 at 15:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the MAS Videos plugin to a version newer than 1.3.2 that includes the access control fix.

Generated by OpenCVE AI on March 19, 2026 at 15:00 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Madrasthemes
Madrasthemes mas Videos
Wordpress
Wordpress wordpress
Vendors & Products Madrasthemes
Madrasthemes mas Videos
Wordpress
Wordpress wordpress

Fri, 13 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in MadrasThemes MAS Videos masvideos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAS Videos: from n/a through <= 1.3.2.
Title WordPress MAS Videos plugin <= 1.3.2 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Madrasthemes Mas Videos
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:15:56.636Z

Reserved: 2026-03-12T11:10:47.068Z

Link: CVE-2026-32348

cve-icon Vulnrichment

Updated: 2026-03-13T18:44:50.669Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:54:46.590

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32348

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T09:59:08Z

Weaknesses