Impact
This vulnerability is a missing authorization flaw that allows users to bypass access control settings while managing slides in the Slides & Presentations plugin. An attacker who can reach the plugin’s administrative interface or has any authenticated role can add, edit, or delete slides without the proper permissions, potentially hijacking presentation content and exposing sensitive information. The weakness is identified as CWE-862. The impact is limited to the scope of the plugin’s operations but can be significant if the slides contain confidential data.
Affected Systems
WordPress sites that install the Ella Van Durpe Slides & Presentations plugin version 0.0.39 or earlier. No specific operating system or WordPress core version is tied to the issue; the vulnerability applies to all environments where the plugin is deployed.
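To check an installation against the affected range above, the following added example (not code from the plugin or from this advisory) reads the WordPress plugin header from a main plugin file and compares its version numerically with 0.0.39. It assumes the header's "Plugin Name" matches the name used in this advisory; the sample header is constructed.

```python
import re

# Values taken from the advisory text.
PLUGIN_NAME = "Slides & Presentations"   # assumption: header uses this exact name
LAST_AFFECTED = (0, 0, 39)

# WordPress reads plugin metadata from "Key: value" lines in the header comment.
HEADER_RE = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*(?:\*/)?[ \t]*$",
    re.M | re.I,
)

def parse_header(php_source):
    """Collect Plugin Name / Version from the first 8 KiB, the part WordPress scans."""
    fields = {}
    for key, value in HEADER_RE.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value.strip())
    return fields

def version_tuple(text):
    """Turn '0.0.39' into (0, 0, 39); None if any dotted part is not numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(php_source):
    fields = parse_header(php_source)
    if fields.get("plugin name") != PLUGIN_NAME:
        return "not-this-plugin"
    ver = version_tuple(fields.get("version", ""))
    if ver is None:
        return "unknown-version"          # e.g. '0.0.39-beta': review by hand
    # Pad short versions so '1.0' compares as (1, 0, 0). A plain string
    # comparison would wrongly rank '0.0.4' above '0.0.39'.
    padded = ver + (0,) * (3 - len(ver))
    return "affected" if padded <= LAST_AFFECTED else "not-listed-as-affected"

# Constructed sample header for demonstration only.
SAMPLE = "<?php\n/**\n * Plugin Name: Slides & Presentations\n * Version: 0.0.39\n */\n"

if __name__ == "__main__":
    print(classify(SAMPLE))
```

A result of "not-listed-as-affected" only means the version falls outside the range stated here; it does not confirm that a fix is present.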
Risk and Exploitability
The CVSS score of 5.4 indicates medium severity with limited impact. The EPSS score is below 1%, suggesting that exploitation is currently unlikely to be widespread. The vulnerability is not listed in CISA’s KEV catalog, so there are no known large-scale exploits. The attack vector is inferred to be any user who can authenticate to the WordPress site and interact with the plugin, since no remote code execution or denial of service is explicitly described. If the site’s role permissions grant broader access than intended, the flaw can be leveraged to compromise presentation data.