Impact
A missing Authorization flaw in the Prince Integrate Google Drive plugin for WordPress allows attackers to bypass the plugin’s security levels, giving them the ability to read or manipulate Google Drive files that should be restricted. This breach of access control is classified as CWE‑862.
Affected Systems
All releases of the Prince Integrate Google Drive plugin up to version 1.3.8 are affected. WordPress sites that have not refreshed the plugin beyond this point remain vulnerable.
Risk and Exploitability
The CVSS score of 8.3 indicates a high severity. EPSS data is not available and the vulnerability is not listed in CISA’s KEV catalog, so current exploitation prevalence is unknown; however, the high score signals that an attacker who can reach the plugin’s interface or API has a significant chance to exploit the broken access control. Based on the description, it is inferred that the plugin’s administrative UI or REST endpoints can be accessed by users lacking proper authorization. The attacker would therefore need the plugin installed on the target site and could potentially gain unauthorized access to the associated Google Drive files.
OpenCVE Enrichment