Impact
This vulnerability is a missing authorization flaw: the WordPress Easy Quotes plugin does not enforce the access control checks that should gate its privileged actions, so the effective permission level is lower than intended. As a result, a user without the required role can perform actions normally reserved for privileged roles, such as creating, editing, or deleting quotes, and potentially altering plugin settings. An attacker who abuses this can gain unauthorized control over content the site displays and undermine the integrity of the quotes it publishes.
Affected Systems
The Easy Quotes plugin for WordPress, developed by Jürgen Müller, is affected in all released versions up to and including 1.2.4. Any WordPress installation running Easy Quotes 1.2.4 or earlier is vulnerable; administrators should confirm the installed version (for example from the Plugins screen or the plugin's main file header) before deciding whether a site is exposed.
Risk and Exploitability
The CVSS base score of 5.3 indicates moderate severity, and the EPSS score of less than 1% means the estimated probability of exploitation in the wild is currently low. The vulnerability is not listed in the CISA KEV catalog. The description does not state the attack vector or the privilege level required, but it is reasonable to infer that the flaw can be abused by any user who can reach the plugin's management functionality (its admin pages or request handlers), most plausibly an authenticated account with low privileges, and possibly an unauthenticated visitor if the plugin exposes those handlers without requiring login. Because the root cause is an access control check that is missing or misapplied rather than one that must be bypassed, no special technique is needed: once an attacker can reach the relevant endpoint, the privileged action simply executes.
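The pattern behind a missing-authorization flaw in a WordPress plugin, and the version gate from the Affected Systems section, as an added illustration that is not the Easy Quotes plugin's code and makes no claim about how that plugin is implemented. The handler names, option name, nonce action, and the `manage_options` capability are assumptions chosen to show the generic vulnerable shape beside its hardened form.

```php
<?php
// Added example, not code from the Easy Quotes plugin. All names here
// (eq_demo_*, the option key, the nonce action) are hypothetical.

// Triage helper: the advisory says every release up to and including 1.2.4 is
// affected, so anything <= 1.2.4 is in scope.
function eq_demo_is_affected_version(string $installed): bool {
    return version_compare($installed, '1.2.4', '<=');
}

// --- Vulnerable shape -----------------------------------------------------
// wp_ajax_{action} hooks fire for ANY logged-in user regardless of role, and
// wp_ajax_nopriv_{action} hooks fire for unauthenticated visitors. A handler
// that writes plugin data without a capability check is therefore reachable
// by every account that can log in (or by anyone, if the nopriv hook exists).
function eq_demo_save_quote_vulnerable() {
    $quote = isset($_POST['quote']) ? sanitize_text_field(wp_unslash($_POST['quote'])) : '';
    update_option('eq_demo_quote', $quote);   // no current_user_can(), no nonce
    wp_send_json_success();
}
add_action('wp_ajax_eq_demo_save_quote_vulnerable', 'eq_demo_save_quote_vulnerable');
// add_action('wp_ajax_nopriv_eq_demo_save_quote_vulnerable', ...) would make
// the same handler reachable without login.

// --- Hardened shape -------------------------------------------------------
// 1) Authorization: gate the action on a capability that only the intended
//    roles hold (manage_options is held by administrators by default).
// 2) CSRF: bind the request to a nonce issued for this action, so a privileged
//    user cannot be tricked into submitting it from another site.
function eq_demo_save_quote_hardened() {
    if (!current_user_can('manage_options')) {
        wp_send_json_error('forbidden', 403);          // sends and exits
    }
    check_ajax_referer('eq_demo_save_quote', 'nonce'); // dies on a bad nonce
    $quote = isset($_POST['quote']) ? sanitize_text_field(wp_unslash($_POST['quote'])) : '';
    update_option('eq_demo_quote', $quote);
    wp_send_json_success();
}
add_action('wp_ajax_eq_demo_save_quote_hardened', 'eq_demo_save_quote_hardened');
```

The nonce on its own is not an authorization control: a nonce only proves the request was intentionally submitted by the user it was issued to, so a low-privilege account with a valid nonce would still pass `check_ajax_referer()`. The capability check is what closes a missing-authorization flaw; the nonce closes the separate CSRF hole that usually accompanies it.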
OpenCVE Enrichment