The vulnerability in the Tasty Recipes Lite plugin is a missing authorization flaw that allows an attacker to perform protected actions without proper privilege checks. This flaw is reported as a Broken Access Control issue and is assigned a moderate CVSS score of 4.3, indicating a risk that could lead to unauthorized data modification or exposure within the WordPress site, without necessarily granting full system compromise. The impact is limited to the scope of the plugin’s functionality but could undermine the confidentiality or integrity of recipe data and related site settings.

WordPress sites that have installed the Strategy11 Team Tasty Recipes Lite plugin on any version up through 1.1.5. The affected range is explicitly stated as n/a through <= 1.1.5, meaning all releases up to and including that version are vulnerable.

The EPSS score is reported as less than 1%, indicating a low probability that this vulnerability is actively exploited in the wild, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the flaw appears to arise from incorrectly configured access control in the plugin’s code, likely allowing either unauthenticated users or users without administrative rights to trigger privileged actions. Attackers can exploit this by accessing specific plugin endpoints or forms that bypass normal authorization checks, which could be performed from a web browser or automated script once the plugin is installed on the target site.