Impact
Meitar’s Subresource Integrity (SRI) Manager plugin fails to enforce proper authorization checks, enabling an attacker to bypass the intended security boundaries of the plugin. Because access control security levels are incorrectly configured, an attacker could read or manipulate configuration settings and other protected content that should be restricted. The weakness is recorded as CWE‑862 (Missing Authorization) and is limited to unauthorized access; it does not directly affect code execution or availability.
Affected Systems
The affected product is the WordPress Subresource Integrity (SRI) Manager plugin from Meitar. Versions from the earliest available release up through 0.4.0 inclusive are vulnerable. Users running the plugin on any WordPress installation are at risk if they have not applied a corrective update.
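To find installs in the affected range, the following added example (not code from the advisory or from the plugin's author) reads WordPress plugin headers and flags versions up through 0.4.0. It assumes the plugin's `Plugin Name` header contains the product name given above and that plugins sit one directory deep under `wp-content/plugins`; the sample header is constructed.

```python
import re
from pathlib import Path

LAST_AFFECTED = (0, 4, 0)            # "up through 0.4.0 inclusive" per the advisory
NAME_HINT = "subresource integrity"  # assumption: header name contains the product name

# Same leading-character tolerance WordPress applies when reading plugin headers.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)\s*$", re.I | re.M)

def parse_header(php_source):
    """Extract Plugin Name / Version from the first 8 KiB, where WordPress looks."""
    fields = {}
    for key, value in HEADER_RE.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value)
    return fields

def version_tuple(text):
    """'0.4' -> (0, 4, 0); '0.4.0-beta' -> (0, 4, 0). Compared as numbers, not strings."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def in_affected_range(php_source):
    fields = parse_header(php_source)
    if NAME_HINT not in fields.get("plugin name", "").lower():
        return False
    version = fields.get("version")
    # A matching plugin with no readable version is reported rather than skipped.
    return True if version is None else version_tuple(version) <= LAST_AFFECTED

def scan(plugins_dir):
    """Yield (path, version) for matching plugin files under a plugins directory."""
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        source = php.read_text(encoding="utf-8", errors="replace")
        if in_affected_range(source):
            yield str(php), parse_header(source).get("version", "unknown")

# Constructed sample header, not copied from the plugin itself.
SAMPLE = """<?php
/**
 * Plugin Name: Subresource Integrity (SRI) Manager
 * Version: 0.4.0
 */
"""

if __name__ == "__main__":
    print(in_affected_range(SAMPLE))
```

Run `scan()` against each site's plugins directory; any path it yields should be updated or the plugin deactivated.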
Risk and Exploitability
The CVSS score of 4.3 indicates moderate severity, and the EPSS score of less than 1% suggests a low likelihood of real‑world exploitation at this time. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, and there are no public exploits described in the available references. The attack vector is inferred: exploitation appears possible for anyone able to access the WordPress admin interface or otherwise interact with the plugin’s endpoints, provided the access control weaknesses are active. Upgrading to a fixed version would eliminate the risk.