The vulnerability arises from a missing authorization check that allows users to perform actions without proper authentication or privilege verification. This flaw permits an attacker to access protected features or data within the Saoshyant Page Builder plugin, potentially leading to unauthorized content modification or data exposure. The weakness is classified as CWE‑862, representing a failure to enforce access control, which directly impacts the confidentiality and integrity of site content managed by the plugin.

This issue affects WordPress sites that use the Saoshyant Page Builder plugin from the earliest releases through version 3.8. The problematic vendor is saoshyant1994, and the affected product is the Saoshyant Page Builder plugin served under WordPress environments. No further sub‑version detail is provided, so all installs of the plugin up to and including 3.8 are considered vulnerable.

The CVSS score for the vulnerability is 5.3, indicating a medium severity according to the Common Vulnerability Scoring System. The EPSS score is less than 1%, suggesting a very low probability of exploitation at the time. The vulnerability is not listed in the CISA KEV catalog, further indicating that it has not yet been widely exploited. Based on the description, the likely attack vector is through the WordPress administrative interface, where an attacker who can forge requests or obtain any user credential may trigger the missing authorization path. Without a public exploit, the risk remains moderate, but remediation is advisable before exploitation is observed.