Impact
Missing authorization in the Eazy Plugin Manager plugin for WordPress allows an attacker to perform privileged actions through incorrectly configured access control security levels. These actions could include modifying plugin settings, adding or removing content, and executing other administrative functions without proper authentication. This vulnerability is classified under CWE‑862, indicating a failure to enforce necessary access controls.
Affected Systems
The vulnerability affects the Eazy Plugin Manager plugin developed by EazyPlugins. All releases up to and including version 4.3.0 are susceptible; earlier releases are not documented as impacted. The plugin is commonly installed on WordPress sites that use it to manage other plugins or site features.
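The following inventory check is an added example, not part of the advisory or the plugin's code. It reads WordPress plugin headers under a plugins directory and flags any copy at or below 4.3.0. The header display name, the directory names and the sample versions are assumptions constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

# Assumption: the plugin's main file declares this display name in its header.
PLUGIN_NAME = "Eazy Plugin Manager"
LAST_AFFECTED = (4, 3, 0)  # from the advisory: up to and including 4.3.0

HEADER = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*(?:\*/)?[ \t]*$",
    re.M | re.I)

def read_header(php_file):
    """Parse header fields from the first 8 KiB, the region WordPress reads."""
    text = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    return {k.lower(): v.strip() for k, v in HEADER.findall(text)}

def parse_version(v):
    """'4.3' -> (4, 3, 0); a '-beta' style suffix is ignored; '' -> None."""
    nums = [int(p) for p in re.findall(r"\d+", v.split("-")[0])]
    return tuple(nums + [0] * (3 - len(nums))) if nums else None

def scan(plugins_dir):
    """Return (directory, version, affected) for each copy of the plugin."""
    results = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        h = read_header(php)
        if h.get("plugin name", "").lower() != PLUGIN_NAME.lower():
            continue
        ver = parse_version(h.get("version", ""))
        # Numeric tuple comparison, so 4.10.x is not mistaken for < 4.3.0.
        # An unparseable version is flagged for manual review, not cleared.
        affected = ver is None or ver <= LAST_AFFECTED
        results.append((php.parent.name, h.get("version", "?"), affected))
    return results

def demo():
    """Constructed tree; directory names and versions are not real releases."""
    root = Path(tempfile.mkdtemp())
    for d, ver in [("site-a-copy", "4.3.0"), ("site-b-copy", "4.10.1")]:
        (root / d).mkdir()
        (root / d / "main.php").write_text(
            f"<?php\n/**\n * Plugin Name: {PLUGIN_NAME}\n * Version: {ver}\n */\n")
    (root / "other").mkdir()
    (root / "other" / "other.php").write_text(
        "<?php\n/*\nPlugin Name: Other\nVersion: 1.0\n*/\n")
    return scan(root)

if __name__ == "__main__":
    for name, ver, affected in demo():
        print(f"{name}: {ver} -> {'AFFECTED' if affected else 'ok'}")
```

Point `scan()` at a site's `wp-content/plugins` directory to run it against a real installation.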
Risk and Exploitability
The CVSS score of 8.8 reflects high severity, indicating significant potential impact to confidentiality, integrity, and availability if exploited. The EPSS score is below 1%, suggesting the probability of automated exploitation is low. The vulnerability is not listed in CISA KEV, implying no confirmed widespread exploitation. Based on the description, the likely attack vector involves web requests to privileged endpoints, presumably requiring a user with at least a standard WordPress role, though the exact vector is not explicitly defined in the description.