Impact
The vulnerability is a missing authorization flaw (CWE‑862) that allows an attacker to bypass the normal access controls within the WP DB Booster plugin. This flaw can enable the attacker to view, modify or delete WordPress database tables, and change administrative settings. The potential impact includes compromise of confidentiality, integrity and availability of the site’s data, and could provide a foothold for further attacks.
Affected Systems
The plugin vendor is WPManiax and the affected product is WP DB Booster for WordPress. Any installation of the plugin with version 1.0.1 or earlier is vulnerable, regardless of the WordPress core version. Sites that rely on the plugin for database optimization should be considered at risk. The vulnerability affects instances where the plugin is installed and accessible through the WordPress administration interface.
Risk and Exploitability
The CVSS score of 5.4 indicates moderate severity. The EPSS score is less than 1%, which suggests a low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is the web interface: an attacker would need access to the site or to an entry point that triggers the plugin’s admin endpoints. If exploited, privilege escalation within the site’s administration can lead to full control over the underlying database, enabling data theft, site defacement, or persistence. The overall risk depends on how exposed the WordPress installation is and whether administrators are at risk.