This vulnerability stems from a missing authorization check in the Viral Loops WP Integration plugin. An attacker who can trigger the affected code path can gain unauthorized access to administrative functions within a WordPress site, potentially leading to content tampering, data disclosure, or further privilege escalation. The weakness is classified with CWE-862, indicating an access control flaw that undermines the intended security boundaries of the plugin.

The issue impacts the Viral Loops WP Integration plugin from its earliest release through version 3.8.1. WordPress sites that have not upgraded beyond 3.8.1 are susceptible; no specific operating systems or WordPress core versions are singled out.

The reported CVSS score of 4.3 places the vulnerability in the low‑to‑moderate severity range, suggesting limited impact if exploited. The EPSS score being less than 1% indicates a very low probability of exploitation in the wild, and the vulnerability is not listed in CISA’s Known Exploited Vulnerabilities catalog. While the path to exploitation requires the attacker to reach a page or endpoint that triggers the flawed access control logic, the likely attack vector is local or authenticated, though this is inferred from the description and not explicitly stated in the data.