Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Related Posts: from n/a through <= 1.9.1.
AnalysisAI
Advanced Related Posts plugin through version 1.9.1 contains insufficient authorization controls that allow unauthenticated remote attackers to modify plugin settings and data. The vulnerability stems from improperly configured access restrictions in the plugin's functionality, enabling attackers to alter post relationships without proper authentication or permission validation.
Technical ContextAI
The Advanced Related Posts plugin for WordPress implements access control mechanisms that are improperly configured or missing entirely in certain functional areas. The vulnerability stems from CWE-862 (Missing Authorization), which occurs when the application fails to perform authorization checks before allowing users to access or modify sensitive resources. The affected product is identified through CPE as the Ays Pro Advanced Related Posts plugin. The root cause involves inadequate verification of user privileges before granting access to administrative or sensitive operations, allowing the access control security levels to be circumvented by attackers who can reach the vulnerable endpoints over the network without authentication credentials.
RemediationAI
Immediately upgrade the Advanced Related Posts plugin to the latest version beyond 1.9.1, which should include authorization checks and access control fixes. Until the plugin can be updated, disable the plugin temporarily if it is not critical to site operations, or restrict access to any administrative interfaces associated with the plugin through WordPress user role management and web server firewall rules. Review and audit any sensitive data or settings that may have been exposed through this vulnerability while it was active on affected sites. Consult the plugin vendor's security advisory for specific guidance on the patched version and any configuration changes required post-upgrade.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-11802