Impact
The identified issue is a missing authorization flaw within the Rashid Slider Path for Elementor WordPress plugin. This flaw allows attackers to bypass deliberately configured access control levels and exploit the plugin’s functions without proper authentication. The result is potentially unauthorized access to plugin features, which can lead to the reading or alteration of content and compromise confidentiality, integrity, or availability of the site’s data. The problem is classified as CWE‑862, a classic Broken Access Control vulnerability.
Affected Systems
All deployments of the Rashid Slider Path for Elementor plugin at version 3.0.0 or earlier are affected. No additional version or patch information is supplied, so any installation of the plugin at version 3.0.0 or earlier can be compromised.
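To find affected installations, the sketch below (an added example, not code from the advisory or the plugin) scans a WordPress plugins directory for copies of the plugin at or below 3.0.0 by reading each plugin file's header. It assumes the header's "Plugin Name" field contains the name as the advisory spells it; the folder names and the 3.0.1 version in the sample tree are constructed.

```python
import re
import tempfile
from pathlib import Path

# Name and ceiling come from the advisory; header spelling is an assumption.
PLUGIN_NAME = "Rashid Slider Path for Elementor"
LAST_AFFECTED = (3, 0, 0)
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+)$", re.M | re.I)

def parse_version(text):
    """'3.0' -> (3, 0, 0); '3.0.0-beta1' -> (3, 0, 0); unparseable -> None."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(".")]
    return tuple(nums + [0] * (3 - len(nums)))

def read_header(php_file):
    """Header fields from the first 8 KiB, the region WordPress itself scans."""
    head = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    return {k.lower(): v.strip() for k, v in HEADER.findall(head)}

def find_affected(plugins_dir):
    """(path, version) for every copy at or below LAST_AFFECTED, or unversioned."""
    hits = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        fields = read_header(php_file)
        if PLUGIN_NAME.lower() not in fields.get("plugin name", "").lower():
            continue
        version = parse_version(fields.get("version", ""))
        if version is None or version <= LAST_AFFECTED:
            hits.append((str(php_file), fields.get("version", "unknown")))
    return hits

def build_sample_tree(root):
    """Constructed sample: made-up folder names and version numbers."""
    samples = {"example-slider-old": (PLUGIN_NAME, "3.0.0"),
               "example-slider-new": (PLUGIN_NAME, "3.0.1"),
               "unrelated-plugin": ("Some Other Plugin", "1.2")}
    for slug, (name, ver) in samples.items():
        folder = Path(root) / slug
        folder.mkdir(parents=True)
        (folder / f"{slug}.php").write_text(
            f"<?php\n/**\n * Plugin Name: {name}\n * Version: {ver}\n */\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(find_affected(build_sample_tree(tmp)))
```

On a real host, pass the site's plugins directory to `find_affected`; a copy whose version cannot be parsed is reported as well so it can be checked by hand.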
Risk and Exploitability
The CVSS score of 4.3 indicates a moderate risk level, while the EPSS score of less than 1% suggests that the probability of exploitation is currently low. The vulnerability is not listed in the CISA KEV catalog. Attackers would typically reach the plugin through web-based interactions, implying a web-based attack vector. Based on the description, it can be inferred that an attacker with access to the site's pages or the ability to submit data through the plugin could manipulate privileges or bypass restrictions.