Impact
The vulnerability is a missing authorization flaw in WPDeveloper Essential Blocks for Gutenberg that exposes functionality which should be restricted. An attacker controlling a user account with sufficient privileges can exploit the incorrect access control levels to perform unauthorized operations, potentially altering content or accessing sensitive data. The weakness corresponds to CWE-862 (Missing Authorization), an access control issue. The impact is confined to the WordPress installation running the affected plugin, but it can escalate to full site compromise if the attacker is a site administrator.
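As an added illustration (not Essential Blocks' code, which the advisory does not quote), the following hypothetical WordPress REST endpoint shows the CWE-862 pattern the advisory describes and its hardened form; the `example-blocks/v1` namespace, the option name and the function names are invented.

```php
<?php
// Hypothetical plugin endpoint (not Essential Blocks' code) showing the
// CWE-862 pattern: a REST route that changes a setting without verifying
// the caller's capability, beside the hardened version.

// Vulnerable: '__return_true' disables authorization, so any logged-in
// user (even a subscriber) who can reach the REST API may call the route.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-blocks/v1', '/settings', array(
        'methods'             => 'POST',
        'callback'            => 'example_blocks_save_settings',
        'permission_callback' => '__return_true', // missing authorization
    ) );
} );

function example_blocks_save_settings( WP_REST_Request $request ) {
    update_option( 'example_blocks_enable_feature', (bool) $request['enable_feature'] );
    return rest_ensure_response( array( 'saved' => true ) );
}

// Hardened: permission_callback enforces a capability that matches the
// action (site-wide settings need manage_options), input is typed and
// validated, and the callback re-checks the capability as defense in depth.
// Cookie-authenticated callers must also send a valid X-WP-Nonce, which
// WordPress core verifies before permission_callback runs.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-blocks/v1', '/settings-safe', array(
        'methods'             => 'POST',
        'callback'            => 'example_blocks_save_settings_safe',
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
        'args' => array(
            'enable_feature' => array(
                'type'     => 'boolean',
                'required' => true,
            ),
        ),
    ) );
} );

function example_blocks_save_settings_safe( WP_REST_Request $request ) {
    if ( ! current_user_can( 'manage_options' ) ) {
        return new WP_Error( 'rest_forbidden', 'Insufficient permissions.', array( 'status' => 403 ) );
    }
    update_option( 'example_blocks_enable_feature', rest_sanitize_boolean( $request['enable_feature'] ) );
    return rest_ensure_response( array( 'saved' => true ) );
}
```

The same rule applies to admin-ajax.php handlers: pair `check_ajax_referer()` with a `current_user_can()` check for the capability the action actually needs, since a nonce alone proves intent, not authorization.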
Affected Systems
WordPress sites running the Essential Blocks for Gutenberg plugin in any version up to and including 4.8.3. The issue is independent of the underlying operating system and theme; it affects every user with administrator or editor permissions who can interact with the plugin's features.
Risk and Exploitability
The CVSS score of 4.3 indicates moderate severity, and the EPSS score below 1% suggests a very low probability of widespread exploitation at this time. The vulnerability is not yet listed in CISA's KEV catalog. Exploitation requires an authenticated user who can access the plugin interface; it does not rely on remote code execution or on privilege escalation beyond the user's existing role. The likely attack vector is the WordPress admin dashboard, where an attacker with account access can trigger the unauthorized actions.