Skip to main content

Advanced Related Posts CVE-2026-32329

| EUVDEUVD-2026-11802 MEDIUM
Missing Authorization (CWE-862)
2026-03-13 Patchstack
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 13, 2026 - 16:57 euvd
EUVD-2026-11802
Analysis Generated
Mar 13, 2026 - 16:57 vuln.today
CVE Published
Mar 13, 2026 - 11:41 nvd
MEDIUM 5.3

DescriptionCVE.org

Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Related Posts: from n/a through <= 1.9.1.

AnalysisAI

Advanced Related Posts plugin through version 1.9.1 contains insufficient authorization controls that allow unauthenticated remote attackers to modify plugin settings and data. The vulnerability stems from improperly configured access restrictions in the plugin's functionality, enabling attackers to alter post relationships without proper authentication or permission validation.

Technical ContextAI

The Advanced Related Posts plugin for WordPress implements access control mechanisms that are improperly configured or missing entirely in certain functional areas. The vulnerability stems from CWE-862 (Missing Authorization), which occurs when the application fails to perform authorization checks before allowing users to access or modify sensitive resources. The affected product is identified through CPE as the Ays Pro Advanced Related Posts plugin. The root cause involves inadequate verification of user privileges before granting access to administrative or sensitive operations, allowing the access control security levels to be circumvented by attackers who can reach the vulnerable endpoints over the network without authentication credentials.

RemediationAI

Immediately upgrade the Advanced Related Posts plugin to the latest version beyond 1.9.1, which should include authorization checks and access control fixes. Until the plugin can be updated, disable the plugin temporarily if it is not critical to site operations, or restrict access to any administrative interfaces associated with the plugin through WordPress user role management and web server firewall rules. Review and audit any sensitive data or settings that may have been exposed through this vulnerability while it was active on affected sites. Consult the plugin vendor's security advisory for specific guidance on the patched version and any configuration changes required post-upgrade.

Share

CVE-2026-32329 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy