Impact
The vulnerability is a missing authorization flaw in the Web Accessibility By accessiBe WordPress plugin. It allows a malicious actor to bypass correctly configured access control levels and access data or functionality that should be restricted. This can expose protected plugin settings or other sensitive content that users do not normally have permission to view or modify. The weakness is a classic access‑control issue, identified as CWE‑862.
Affected Systems
WordPress sites that have installed the Web Accessibility By accessiBe plugin in any version up to and including 2.10 are affected. The problem is limited to installations of the plugin on WordPress and does not affect the core WordPress software or other plugins.
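The affected range above ("up to and including 2.10") expressed as a triage check. This is an added example, not part of the advisory or the plugin. It reads the `Version:` field from a plugin header and compares dotted components as integers, because treating 2.10 as a decimal would rank it below 2.2. The function names and the sample header are constructed for illustration.

```python
import re
from itertools import zip_longest

LAST_AFFECTED = "2.10"  # from the advisory: versions up to and including 2.10
# WordPress plugin metadata lives in a comment header of the main plugin file.
_VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.IGNORECASE | re.MULTILINE)

def parse_plugin_version(header_text):
    """Return the Version field of a plugin header, or None if absent."""
    m = _VERSION_RE.search(header_text[:8192])
    return m.group(1) if m else None

def version_tuple(version):
    """'2.10' -> (2, 10); each dotted component is compared as an integer."""
    parts = []
    for part in version.split("."):
        digits = re.match(r"\d+", part)
        if not digits:
            raise ValueError(f"non-numeric version component: {part!r}")
        parts.append(int(digits.group()))
    return tuple(parts)

def is_affected(version, last_affected=LAST_AFFECTED):
    """True if version <= last_affected; shorter versions are zero-padded."""
    pairs = zip_longest(version_tuple(version), version_tuple(last_affected), fillvalue=0)
    for a, b in pairs:
        if a != b:
            return a < b
    return True  # equal to the last affected version, so still affected

def triage(header_text):
    """Classify one plugin header: 'affected', 'not affected' or 'unknown'."""
    version = parse_plugin_version(header_text)
    if version is None:
        return "unknown"
    try:
        return "affected" if is_affected(version) else "not affected"
    except ValueError:
        return "unknown"  # unparsable version: review by hand

# Constructed sample header (not copied from the real plugin file).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Web Accessibility By accessiBe
 * Version: 2.9
 */
"""
```

A result of `unknown` means the header had no parsable version and the installation should be checked manually.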
Risk and Exploitability
The CVSS score of 5.4 indicates moderate severity: the vulnerability is not trivial and is capable of compromising the confidentiality of protected resources. The EPSS score of less than 1% suggests that, at the time of analysis, the probability of exploitation is low. The vulnerability is not listed in the CISA KEV catalog, so it is not a known widespread exploit target. Based on the description, the likely attack vector is remote and involves interacting with the plugin’s front‑end or back‑end interfaces; an attacker may need to send crafted requests that take advantage of the missing authorization checks. The flaw would be straightforward for a skilled attacker to exploit if a site exposes the plugin’s administrative endpoints to unauthenticated or weakly authenticated users.
OpenCVE Enrichment