Impact
The vulnerability in the yydevelopment Mobile Contact Line plugin is a missing authorization flaw that allows users to access or manipulate functionality intended for privileged users. This flaw arises from incorrectly configured access control security levels, which can enable attackers to read or modify plugin settings or trigger actions that should be restricted. Consequently, data confidentiality and integrity may be compromised, potentially exposing sensitive contact information or allowing the insertion of inappropriate content.
Affected Systems
The vulnerability impacts the Mobile Contact Line plugin distributed by yydevelopment. All released versions up through and including 2.4.0 are affected. No specific sub-packages are mentioned, and the issue spans the entire plugin codebase.
Risk and Exploitability
The CVSS base score of 4.3 indicates a moderate impact if exploited, while the EPSS score of <1% suggests that widespread exploitation is unlikely. The vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is the plugin’s administrative interface or exposed API endpoints, where an attacker could craft requests that reach protected functions without the appropriate permission checks. The description does not specify whether exploitation requires an unauthenticated or a privileged user, so the exact risk depends on the system’s current role configuration.