Impact
This vulnerability arises from a missing authorization check in the Black and White BookPress – For Book Authors WordPress plugin. The flaw permits users who should not have certain privileges to access or modify data, or to invoke administrative functions. The description explicitly notes incorrectly configured access control security levels, and the weakness is classified as CWE‑862 (Missing Authorization). Because the description and CVE entry do not explicitly state the confidentiality, integrity and availability consequences, these impacts are inferred from the nature of an authorization bypass: an attacker could read protected data, alter content, or disrupt normal site operation.
Affected Systems
All installations of the Black and White BookPress – For Book Authors WordPress plugin at version 1.2.7 or earlier are affected; the vulnerability applies from the initial release up to and including version 1.2.7.
Risk and Exploitability
The CVSS score of 8.2 places the issue in the high‑severity range. The EPSS score of less than 1% indicates a low probability of exploitation based on current activity patterns. The vulnerability is not listed in CISA’s KEV catalog, so it has not yet been confirmed as a known exploited weakness. The likely attack vector is through the plugin’s web interface; an authenticated user with low privileges could send crafted requests that bypass the intended security checks and gain unauthorized access to data or administrative functions. As the flaw allows unauthorized actions, it could compromise confidentiality, integrity and availability if an attacker escalates access to the WordPress instance.
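To make the CWE‑862 pattern concrete, the following is an added illustration of a WordPress AJAX handler that lacks an authorization check, placed beside a hardened version. It is constructed for this page, not code from the BookPress plugin, and the advisory does not disclose which handler is affected; the action name, parameter names and capability are assumptions for the example.

```php
<?php
// Constructed illustration of CWE-862 in a WordPress AJAX handler.
// Not code from the BookPress plugin; "bp_demo_update_chapter" and the
// request parameters are hypothetical names chosen for this example.

// --- Vulnerable pattern: the handler trusts any logged-in user ---
// wp_ajax_* hooks fire for every authenticated user, including subscribers,
// so merely registering the action is not an authorization check.
add_action( 'wp_ajax_bp_demo_update_chapter', 'bp_demo_update_chapter_vulnerable' );
function bp_demo_update_chapter_vulnerable() {
    $chapter_id = isset( $_POST['chapter_id'] ) ? absint( $_POST['chapter_id'] ) : 0;
    $content    = isset( $_POST['content'] )
        ? wp_kses_post( wp_unslash( $_POST['content'] ) )
        : '';

    // No capability check and no nonce: any low-privilege account that can
    // log in may overwrite any post by supplying its ID.
    wp_update_post( array( 'ID' => $chapter_id, 'post_content' => $content ) );
    wp_send_json_success();
}

// --- Hardened pattern: verify intent (nonce) and authority (capability) ---
add_action( 'wp_ajax_bp_demo_update_chapter_safe', 'bp_demo_update_chapter_safe' );
function bp_demo_update_chapter_safe() {
    // 1. The nonce ties the request to a form this site issued to this user
    //    (CSRF defence). check_ajax_referer() terminates on failure by default.
    check_ajax_referer( 'bp_demo_update_chapter', 'nonce' );

    $chapter_id = isset( $_POST['chapter_id'] ) ? absint( $_POST['chapter_id'] ) : 0;

    // 2. Object-level authorization: may THIS user edit THIS post?
    //    With a post ID, current_user_can() resolves the edit_post meta
    //    capability, so authors are confined to their own posts and
    //    subscribers are refused outright.
    if ( ! $chapter_id || ! current_user_can( 'edit_post', $chapter_id ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 ); // exits
    }

    $content = isset( $_POST['content'] )
        ? wp_kses_post( wp_unslash( $_POST['content'] ) )
        : '';
    wp_update_post( array( 'ID' => $chapter_id, 'post_content' => $content ) );
    wp_send_json_success();
}
```

The same capability check belongs in the `permission_callback` of any REST route the plugin registers; a handler that only checks `is_user_logged_in()`, or registers no callback at all, exhibits the same weakness class.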
OpenCVE Enrichment