Impact
A missing authorization flaw in Master Slider allows an attacker who can reach the WordPress administration interface to manipulate slider content, add slides, or delete existing ones without proper permission checks. The vulnerability, categorized as CWE-862, could lead to integrity and availability disruptions on the site, as an attacker may alter or remove essential visual elements. The CVSS score of 4.3 reflects a low severity rating, indicating that the defect does not enable arbitrary code execution or confidential data disclosure by itself.
Affected Systems
The flaw affects the Master Slider plugin developed by averta, in all releases from the earliest through version 3.11.0. Any WordPress site that has not upgraded beyond 3.11.0 is potentially vulnerable, including the reported 3.10.7 build. The vulnerability applies to the entire plugin code base in these releases.
Risk and Exploitability
The EPSS score is reported as <1%, indicating a very low estimated probability of exploitation in the wild. The CVSS rating of 4.3 and absence from the CISA KEV catalog suggest that the overall risk is moderate but not critical. The likely attack vector is an authenticated user who has access to the WordPress back-end but lacks the proper authorization to manage sliders. This is inferred from the description's mention of missing authorization; the description does not state an explicit external exploitation path.