Impact
The identified flaw is an Incorrect Privilege Assignment vulnerability that allows an attacker to elevate privileges within the WordPress site. The weakness is classified as CWE-266, indicating that role or privilege levels are not correctly enforced in the OttoKit plugin. A successful exploitation could lead to an attacker gaining administrative rights, with full control over site content and configuration, compromising confidentiality, integrity, and availability of the web application.
Affected Systems
WordPress sites running Brainstorm Force OttoKit up to and including version 1.0.82 are affected. Every installation of the plugin at one of these versions carries the privilege-escalation flaw. Versions newer than 1.0.82 are assumed to address the issue, though the advisory lists only the upper bound and does not name an explicit fixed version.
Risk and Exploitability
The CVSS score of 9.8 places this vulnerability at critical severity, and an EPSS score of 81% indicates a very high likelihood that working exploits are already available or will be soon. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that an authenticated user with lower privileges can use the plugin to elevate themselves to administrator or another high-privilege role; a remote attacker who obtains access to any WordPress account on the site could therefore leverage this flaw.
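Two checks a site owner would want from the Affected Systems and Risk sections above, as an added example that is not part of this advisory or of the OttoKit project: a version comparison against the stated 1.0.82 upper bound, and a review of administrator accounts for ones that are not on a known allowlist, since an unexpected administrator is the visible symptom of the privilege escalation described. The user-list input follows the JSON shape of `wp user list --format=json`; the field names and the sample records are assumptions constructed here.

```python
"""Defender-side triage for the OttoKit privilege-escalation advisory.

Added example, not advisory or project code. (1) decides whether an
installed OttoKit version is inside the affected range (<= 1.0.82 per the
advisory); (2) flags administrator logins missing from an allowlist,
the post-exploitation symptom of the CWE-266 role abuse described.
"""
import json
from typing import Iterable

AFFECTED_MAX = "1.0.82"  # upper bound stated in the advisory

def parse_version(v: str) -> tuple:
    """Turn '1.0.82' into (1, 0, 82); a non-numeric part compares as 0."""
    parts = []
    for piece in v.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:          # pad so '1.0' compares as 1.0.0
        parts.append(0)
    return tuple(parts)

def is_affected(installed: str, max_affected: str = AFFECTED_MAX) -> bool:
    """True when installed <= max_affected (numeric, not string, order)."""
    return parse_version(installed) <= parse_version(max_affected)

def unexpected_admins(wp_user_json: str, allowlist: Iterable[str]) -> list:
    """Return logins holding 'administrator' that are not on the allowlist."""
    known = {u.lower() for u in allowlist}
    hits = []
    for user in json.loads(wp_user_json):
        # wp-cli emits roles as a comma-separated string (assumed shape)
        roles = {r.strip() for r in user.get("roles", "").split(",")}
        if "administrator" in roles and user["user_login"].lower() not in known:
            hits.append(user["user_login"])
    return hits

# Constructed sample in the shape of `wp user list --format=json`
SAMPLE_USERS = json.dumps([
    {"ID": 1, "user_login": "siteowner", "roles": "administrator"},
    {"ID": 7, "user_login": "editor_jane", "roles": "editor"},
    {"ID": 42, "user_login": "wp_support", "roles": "administrator"},
])

if __name__ == "__main__":
    for v in ("1.0.82", "1.0.83", "1.0.9"):
        print(v, "affected" if is_affected(v) else "not affected")
    print("unexpected admins:", unexpected_admins(SAMPLE_USERS, ["siteowner"]))
```

Note that a plain string comparison would wrongly treat "1.0.9" as newer than "1.0.82"; the numeric split above avoids that.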
OpenCVE Enrichment