Impact
The vulnerability is a Cross-Site Request Forgery flaw that allows an attacker to trigger actions in the WordPress Error Monitoring by Bugsnag plugin without the request being verified as intentional. An attacker can induce a logged-in user, typically an administrator, to perform unintended operations, potentially including changing plugin configurations or other privileged actions. The weakness is classified under CWE-352. This attack can lead to unauthorized changes and compromise the integrity of the monitoring setup.
Affected Systems
The WordPress plugin "WordPress Error Monitoring by Bugsnag" authored by Tom Longridge is affected in all releases from the first public release through version 1.6.3. Users running any of these versions on a WordPress installation face the risk identified.
Risk and Exploitability
The CVSS base score of 7.1 indicates a high severity. The EPSS score is less than 1 %, implying a very low probability of exploitation at the time of this analysis, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is a forged web request originating from a malicious site that a logged‑in administrator visits; the attacker can then perform privileged actions without additional authentication. The lack of protective measures such as nonces makes the vulnerability exploitable for changes that can affect system integrity.
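As an added illustration of the missing protection (this is hypothetical example code, not the plugin's own), a WordPress settings-save handler written without any request validation, next to the hardened form that checks the user's capability and a nonce; the option, action and function names are assumptions.

```php
<?php
// Added example: a hypothetical settings-save handler for a WordPress plugin.
// Option/action names ("bugsnag_demo_api_key", "bugsnag_demo_save") are
// assumptions, not the real plugin's identifiers.

// UNSAFE (not registered below): saves whatever is posted. A request forged
// from a third-party page is sent with the admin's cookies, so WordPress sees
// an authenticated user, but nothing here proves the admin intended the change
// (CWE-352).
function bugsnag_demo_save_settings_unsafe() {
    if ( isset( $_POST['bugsnag_demo_api_key'] ) ) {
        update_option( 'bugsnag_demo_api_key', sanitize_text_field( wp_unslash( $_POST['bugsnag_demo_api_key'] ) ) );
    }
}

// HARDENED: require the capability and a nonce bound to the logged-in user and
// to this specific action. A forged request cannot carry a valid nonce, so
// check_admin_referer() aborts with a 403 before any option is written.
function bugsnag_demo_save_settings_safe() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'bugsnag_demo_save', 'bugsnag_demo_nonce' );
    if ( isset( $_POST['bugsnag_demo_api_key'] ) ) {
        update_option( 'bugsnag_demo_api_key', sanitize_text_field( wp_unslash( $_POST['bugsnag_demo_api_key'] ) ) );
    }
    wp_safe_redirect( admin_url( 'options-general.php?page=bugsnag-demo&updated=1' ) );
    exit;
}
add_action( 'admin_post_bugsnag_demo_save', 'bugsnag_demo_save_settings_safe' );

// The settings form must emit the matching nonce field so that legitimate
// submissions from the admin screen pass the check above.
function bugsnag_demo_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="bugsnag_demo_save">
        <?php wp_nonce_field( 'bugsnag_demo_save', 'bugsnag_demo_nonce' ); ?>
        <input type="text" name="bugsnag_demo_api_key"
               value="<?php echo esc_attr( get_option( 'bugsnag_demo_api_key', '' ) ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}
```

Auditing for this class of bug means locating every handler that writes options or performs privileged work and confirming it pairs a capability check with `check_admin_referer()` or `wp_verify_nonce()`.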
OpenCVE Enrichment
EUVD