Missing authorization in Infomaniak Network VOD Infomaniak plugin up to version 1.5.9 permits any user to exploit incorrectly configured access control security levels. The flaw, classified as CWE‑862, allows an attacker to execute privileged plugin operations without proper validation of the requesting user. This can lead to unauthorized actions such as content manipulation, visibility of restricted media, or other privileged functions that should be restricted to authorized users.

The vulnerability affects Infomaniak Network’s VOD Infomaniak WordPress plugin across all releases from an unspecified baseline through version 1.5.9. WordPress sites that have installed this plugin and have not upgraded beyond 1.5.9 are potentially exposed. There is no further version specificity provided, so any site running these affected releases is at risk.

The CVSS score of 4.3 indicates a moderate impact with an EPSS probability of less than 1 %. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Based on the description, it is inferred that the likely attack vector is web‑based exploitation of the plugin’s endpoints, as the flaw is caused by missing authorization checks on requests. An attacker may exploit it without elevated privileges, possibly using any authenticated or even unauthenticated user context. The low EPSS suggests a small window of exploitation, though any mishandling of access control could be leveraged to create a broader security issue.