Impact
The vulnerability is a Cross‑Site Request Forgery condition that allows an attacker to cause a logged‑in user to submit unintended requests to the WordPress site. By luring an authenticated user to a crafted page, the malicious actor can make that user execute actions that the plugin permits, potentially altering plugin configuration or other site data. The entry does not list specific actions; however, any state‑changing request that the vulnerable plugin authorises becomes susceptible to abuse.
Affected Systems
Fastmover’s Plugins Last Updated Column plugin is affected in every release from its initial version up to and including 0.1.3. Users should ensure that the plugin is either removed or upgraded beyond 0.1.3.
Risk and Exploitability
The CVSS score of 4.3 indicates a moderate severity for a CSRF flaw. The EPSS score of less than 1% suggests that exploitation by attackers is currently unlikely, and the vulnerability is not listed in the CISA KEV catalog. Nevertheless, the attack vector is conventional CSRF, requiring a victim who is authenticated to the site to be tricked into visiting a malicious page. While the risk of real‑world exploitation is low at present, the potential impact of unauthorized actions warrants timely remediation.