CVE-2025-32688
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-09

Last updated on: 2026-04-23

Assigner: Patchstack

Description
Missing Authorization vulnerability in Nebojsa Target Video Easy Publish brid-video-easy-publish.This issue affects Target Video Easy Publish: from n/a through <= 3.8.9.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-09
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2025-09-09
EPSS Evaluated
2026-06-15
NVD
CVE-2025-32688
EUVD
EUVD-2025-27446
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
patchstack target_video_easy_publish *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-32688 is a medium-severity vulnerability in the WordPress Target Video Easy Publish plugin (versions up to 3.8.8) that allows a malicious user with subscriber-level privileges to remotely execute arbitrary code by exploiting the plugin's shortcode execution mechanism. This means an attacker can inject and run unauthorized code on affected websites, potentially compromising the site. There is no official patch yet, but a virtual patch is available to mitigate the risk. [1]

Impact Analysis

This vulnerability can allow attackers with low-level access (subscriber privileges) to execute arbitrary code remotely on your website, which can lead to unauthorized control, data manipulation, or further compromise of your site. Since exploitation can be automated and opportunistic, unpatched sites are at moderate risk of being targeted. Without mitigation, this could result in site defacement, data breaches, or malware installation. [1]

Detection Guidance

This vulnerability can be detected by monitoring for exploitation attempts targeting the shortcode execution mechanism in the Target Video Easy Publish plugin (versions up to 3.8.8). Since attackers typically automate exploitation attempts, network intrusion detection systems (NIDS) or web application firewalls (WAF) with rules to detect suspicious shortcode execution requests can help. Additionally, applying Patchstack's virtual patch can help block attack attempts and serve as a detection mechanism. Specific commands are not provided in the available resources. [1]

Mitigation Strategies

Immediate mitigation steps include applying Patchstack's virtual patch (vPatch) which blocks attack attempts exploiting this vulnerability until an official fix is released. Users should promptly apply this virtual patch to protect their sites. Additionally, it is recommended to seek professional incident response services if a site is suspected to be compromised, as plugin-based malware scanners may be unreliable due to tampering. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-32688. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart