The vulnerability is a broken access control flaw that allows an unauthenticated user to bypass authorization checks within the Accordion Slider Gallery plugin. Because the plugin does not enforce proper authentication or role‑based access, attackers can reach protected functions and potentially read or manipulate site content. The weakness is categorized as CWE‑862, indicating missing or incorrect authorization logic.

WordPress sites that use the Accordion Slider Gallery plugin developed by wpdiscover, any installation with a plugin version up through and including 2.7 is affected. Any site that has not applied a newer release of the plugin is vulnerable.

The CVSS score of 4.3 rates the vulnerability as low to moderate severity. The EPSS score of less than 1% indicates a very low probability of exploitation in the wild. The vulnerability is not listed in CISA’s KEV catalog. Attackers could exploit the flaw over the web by accessing plugin‑specific endpoints that lack authentication. The attack would be remote, requiring only that the vulnerable site is reachable and that the plugin endpoints are exposed, but no privileged access is required. Overall, the risk is limited but non‑negligible for sites that rely heavily on the plugin’s gallery features.