A missing authorization flaw in Tyler Moore’s Super Blank plugin permits attackers to delete any content on the site. The vulnerability arises from incorrectly configured access control levels, allowing users without proper privileges to issue content‑deletion requests. The result is a loss of data integrity and availability, with potential permanent removal of user posts or pages. The weakness is classified as CWE‑862, which signifies missing authorization controls.

The affected product is the Super Blank WordPress plugin from Tyler Moore. Version numbers from the initial release through but not including 1.2.1 (i.e., any release <= 1.2.0) are vulnerable. No specific sub‑version constraints are listed beyond the upper bound.

The CVSS score of 6.5 indicates moderate severity. The EPSS score of less than 1 % suggests low exploitation probability at the time of analysis, and the vulnerability is not currently listed in CISA’s KEV catalog. The likely attack vector involves interacting with the plugin’s administrative interface; the missing authorization check allows any user with access to the WordPress backend—or potentially even an unauthenticated user if the plugin’s endpoints are exposed—to invoke content‑deletion calls. Exploiting the flaw requires no special credentials beyond what the plugin incorrectly trusts, making it relatively easy for a threat actor who has already compromised a site or has gained user level access.