Impact
The vulnerability is a missing authorization flaw that allows attackers to exploit incorrectly configured access control security levels. This broken access control means that unauthorized users could gain access to plugin management features or other privileged functions normally restricted to authenticated administrators. The weakness is identified as CWE-862, indicating a lack of proper access control enforcement.
Affected Systems
The affected product is the Inisev Social Media & Share Icons WordPress plugin, version 2.8.6 and any earlier release. The plugin can be installed on any WordPress website that has not been updated to 2.8.7 or later. The vendor is Inisev.
Risk and Exploitability
The CVSS score of 4.3 denotes moderate severity. No EPSS data is available, and the vulnerability has not been listed in the CISA KEV catalog. Based on the description, the most likely attack vector is through the web application, where an unauthenticated or low‑privileged user can request plugin URLs or endpoints that should be protected. If the attacker can access these endpoints, they may modify plugin settings, inject content, or otherwise perform actions intended to be restricted to administrators. The absence of an immediately available exploit and the moderate CVSS score suggest a moderate risk, but any site that relies on the plugin without patching remains vulnerable.
OpenCVE Enrichment