Impact
The Swiss Toolkit For WP plugin contains a missing authorization flaw that lets attackers exploit incorrectly configured access control security levels. An attacker can perform actions that should be restricted, such as reading, modifying, or deleting plugin data, without proper permission checks. Because there is no authorization gate, any user with sufficient access to the plugin’s administrative interface could potentially gain unauthorized access to sensitive content or administrative controls.
Affected Systems
The affected product is the Swiss Toolkit For WP plugin by WP Messiah. All versions up to and including 1.4.5 are vulnerable, so any site running release 1.4.5 or earlier is impacted.
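To check an installation against the affected range above, the following added example (not code from the advisory or from the plugin) reads WordPress plugin header comments and flags versions up to and including 1.4.5. It assumes the plugin's "Plugin Name" header contains the string "Swiss Toolkit"; the sample header is constructed, and a result of False only means the version is outside the stated range.

```python
import re
from pathlib import Path

LAST_AFFECTED = (1, 4, 5)    # from the advisory: all versions through 1.4.5
NAME_HINT = "swiss toolkit"  # assumption: appears in the Plugin Name header

HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version)\s*:\s*(.+?)\s*$", re.I | re.M)

def parse_header(php_source: str) -> dict:
    """Extract Plugin Name / Version from a WordPress plugin header comment."""
    # WordPress itself only reads the first 8 KiB of the file for headers.
    fields = {}
    for key, value in HEADER.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value.strip(" */"))
    return fields

def version_tuple(version: str) -> tuple:
    """'1.4.5' -> (1, 4, 5); suffixes such as '-beta' are ignored."""
    parts = [int(n) for n in re.findall(r"\d+", version.split("-")[0])]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)

def is_affected(php_source: str):
    """True/False for the advisory's plugin, None if the file is another plugin."""
    fields = parse_header(php_source)
    if NAME_HINT not in fields.get("plugin name", "").lower():
        return None
    if "version" not in fields:
        return True  # cannot show it is newer, so treat it as affected
    return version_tuple(fields["version"]) <= LAST_AFFECTED

def scan(plugins_dir: str) -> dict:
    """Map each matching plugin file under wp-content/plugins to its status."""
    results = {}
    for php in Path(plugins_dir).glob("*/*.php"):
        status = is_affected(php.read_text(errors="replace"))
        if status is not None:
            results[str(php)] = status
    return results

# Constructed sample header (not copied from the real plugin).
SAMPLE = """<?php
/**
 * Plugin Name: Swiss Toolkit For WP
 * Version: 1.4.5
 */
"""
```

Call scan() with the path to a site's wp-content/plugins directory; every path mapped to True is running a release inside the affected range.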
Risk and Exploitability
The CVSS score of 4.3 indicates moderate impact when the flaw is exploited. The EPSS score is below 1%, implying a low probability of exploitation in the near term, and the vulnerability is not listed in the CISA KEV catalog. Because the issue is broken access control, the likely attack vector involves HTTP requests to the plugin’s endpoints, possibly through the administrative interface or other exposed URLs. The absence of explicit prerequisites in the description suggests that an attacker may exploit the flaw simply by accessing the plugin’s interface as any user who can reach it, though the precise conditions are not detailed in the available data.