Skip to main content

Mas Videos EUVDEUVD-2026-11834

| CVE-2026-32348 MEDIUM
Missing Authorization (CWE-862)
2026-03-13 Patchstack
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 13, 2026 - 16:57 euvd
EUVD-2026-11834
Analysis Generated
Mar 13, 2026 - 16:57 vuln.today
CVE Published
Mar 13, 2026 - 11:41 nvd
MEDIUM 5.3

DescriptionCVE.org

Missing Authorization vulnerability in MadrasThemes MAS Videos masvideos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAS Videos: from n/a through <= 1.3.2.

AnalysisAI

MAS Videos through version 1.3.2 contains an authorization bypass that allows unauthenticated attackers to modify data due to improper access control validation. An attacker can exploit this vulnerability over the network without user interaction to manipulate protected resources. No patch is currently available for this vulnerability.

Technical ContextAI

MAS Videos is a WordPress plugin developed by MadrasThemes that provides video management and hosting capabilities. The vulnerability stems from CWE-862 (Missing Authorization), a class of weakness where the application fails to enforce proper access control checks before allowing sensitive operations. The plugin does not adequately verify that users making requests to modify video content possess the necessary permissions or authentication tokens. This is a classic server-side access control failure where security decisions are either missing entirely or rely on client-side validation rather than server-side authorization enforcement. The vulnerability affects the plugin across versions up to and including 1.3.2, indicating a longstanding authorization bypass condition in the access control security levels implemented by the plugin.

RemediationAI

Immediately upgrade MAS Videos plugin to the latest available version beyond 1.3.2 through the WordPress plugin management interface or directly from MadrasThemes. Verify that the upgraded version includes proper authorization checks by reviewing the plugin changelog or security advisory from MadrasThemes. Until a patched version can be deployed, implement network-level access restrictions to limit plugin functionality to authenticated WordPress administrators only, and consider disabling video modification endpoints at the web server level using .htaccess or equivalent rules if the plugin is not actively in use. Additionally, conduct an audit of any video content modifications that occurred while running vulnerable versions to identify unauthorized changes.

Share

EUVD-2026-11834 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy