Impact
This vulnerability permits an attacker to bypass the plugin’s intended access restrictions, enabling them to execute privileged actions normally reserved for administrators. The flaw does not provide direct code execution or data exfiltration but allows unauthorized manipulation of plugin settings, potential escalation of privileges, or exposure of sensitive configuration data. The weakness is classified as CWE-862 (Missing Authorization), reflecting the failure to enforce proper authorization controls.
Affected Systems
The issue affects the all-in-one-performance-accelerator plugin (AIO Performance Profiler, Monitor, Optimize, Compress & Debug) from Smackcoders Inc., in all releases from the earliest available version through version 1.2. The data contains no information about later versions.
Risk and Exploitability
With a CVSS score of 4.3, the severity is moderate, and the EPSS score of less than 1% indicates a low probability of exploitation at the time of this assessment. The vulnerability is not listed in the CISA KEV catalog. Attackers would likely target the web interface, sending crafted requests that bypass role or capability checks to manipulate plugin state or access sensitive data. Because the plugin is widely used, even a modest exploit potential merits attention.