CVE-2025-0955 MEDIUM

CVE-2025-0955: VidoRev Extensions <= 2.9.9.9.9.9.5 - Missing Authorization to Unauthenticated Youtube Video Import

Vendor Beeteam368

Product VidoRev Extensions

Weakness CWE-862 · Missing authorization

Published March 14, 2025

Last update April 8, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

The VidoRev Extensions plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'vidorev_import_single_video' AJAX action in all versions up to, and including, 2.9.9.9.9.9.5. This makes it possible for unauthenticated attackers to import arbitrary youtube videos.

Key dates

02Disclosure timeline

March 14, 2025 CVE published

April 8, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-0955 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2025-64356 WordPress Insert PHP Code Snippet plugin <= 1.4.3 - Broken Access Control vulnerability CVE-2026-39524 WordPress Masteriyo - LMS plugin <= 2.1.5 - Payment Bypass vulnerability CVE-2024-33910 WordPress Digital Publications by Supsystic plugin <= 1.7.7 - Broken Access Control vulnerability CVE-2025-9637 Quiz and Survey Master (QSM) <= 10.3.1 - Missing Authorization to Unpublished, Private And Password-Protected Quiz Information Disclosure And Image Response Uploads CVE-2026-42809 Apache Polaris: staged table creation could vend storage credentials for unvalidated locations