CVE-2025-52802: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in the WordPress plugin 'Import YouTube videos as WP Posts' (versions through 2.1). The vulnerability was reported on May 21, 2025, and publicly disclosed on June 19, 2025. This security issue is tracked as CVE-2025-52802 and relates to incorrectly configured access control security levels (Wiz, Patchstack).

The vulnerability is classified as a Broken Access Control issue (CWE-862: Missing Authorization) that allows unauthorized access due to missing authorization, authentication, or nonce token checks in certain functions. The severity is rated as HIGH with a CVSS v3.1 score of 7.5 (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) (Wiz).

The vulnerability could potentially allow unprivileged users to execute higher privileged actions within the WordPress installation. The impact primarily affects the integrity of the system, as indicated by the CVSS metrics showing high impact on integrity (I:H) but no direct impact on confidentiality (C:N) or availability (A:N) (Wiz).

As of the disclosure date, no official fix is available for this vulnerability. The software is considered abandoned, as it hasn't been updated for over a year. Security experts recommend removing and replacing the plugin with an alternative solution (Patchstack).