Impact
A Missing Authorization vulnerability in the Tasty Recipes Lite plugin lets attackers exploit incorrectly configured access control security levels, so unauthorized users can perform privileged actions. Based on the description, the plugin’s internal endpoints lack proper authorization checks, so an attacker who can reach them could manipulate recipe data or plugin settings without the necessary privileges. The impact is a breach of the integrity, and potentially the confidentiality, of the WordPress site’s content.
Affected Systems
The affected product is the Tasty Recipes Lite plugin released by Strategy11 Team. All releases up to and including version 1.1.5 are vulnerable. Sites running any of these versions remain at risk until the plugin is updated.
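To find out which sites fall inside the affected range, the following added example (not code from the advisory or from the plugin) reads the plugin's header comment on disk and compares its version against 1.1.5. The directory name `tasty-recipes-lite`, the standard `wp-content/plugins` layout, and the stub file name `plugin.php` are assumptions, and the two sample sites are constructed.

```python
import re
import tempfile
from pathlib import Path

PLUGIN_SLUG = "tasty-recipes-lite"  # assumption: plugin directory name, not given in the advisory
LAST_AFFECTED = (1, 1, 5)           # advisory: all releases up to and including 1.1.5
NAME_RE = re.compile(r"^[ \t/*#@]*Plugin Name:", re.M | re.I)
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.M | re.I)

def read_plugin_version(plugin_dir):
    """Return the Version header from the plugin's main PHP file, or None."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_text(errors="replace")[:8192]  # WordPress parses only the first 8 KB
        if NAME_RE.search(head):
            m = VERSION_RE.search(head)
            return m.group(1) if m else None
    return None

def is_affected(version):
    """True when version <= 1.1.5; a missing or unparseable version counts as affected."""
    m = re.match(r"\d+(?:\.\d+)*", version or "")
    if not m:
        return True
    parts = re.sub(r"(\.0+)+$", "", m.group(0)).split(".")  # 1.1.5.0 compares equal to 1.1.5
    return tuple(int(p) for p in parts) <= LAST_AFFECTED

def audit(wp_roots):
    """Map each WordPress root to (version, status) for this plugin."""
    report = {}
    for root in wp_roots:
        plugin_dir = Path(root) / "wp-content" / "plugins" / PLUGIN_SLUG
        if not plugin_dir.is_dir():
            report[str(root)] = (None, "not installed")
            continue
        version = read_plugin_version(plugin_dir)
        report[str(root)] = (version, "affected" if is_affected(version) else "above affected range")
    return report

def demo():
    """Audit constructed sample sites built in a temp directory (blog-c has no plugin)."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, version in (("blog-a", "1.1.5"), ("blog-b", "1.2.0")):
            d = Path(tmp, name, "wp-content", "plugins", PLUGIN_SLUG)
            d.mkdir(parents=True)
            header = f"<?php\n/*\nPlugin Name: Tasty Recipes Lite\nVersion: {version}\n*/\n"
            (d / "plugin.php").write_text(header)  # file name is hypothetical
        roots = [Path(tmp, n) for n in ("blog-a", "blog-b", "blog-c")]
        return {Path(k).name: v for k, v in audit(roots).items()}

if __name__ == "__main__":
    print(demo())
```

A plugin whose header cannot be parsed is reported as affected so that it gets a manual look rather than being silently skipped.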
Risk and Exploitability
The CVSS base score of 4.3 reflects medium severity, and there is no evidence of remote code execution. The EPSS score of less than 1% indicates that the likelihood of exploitation is low. The vulnerability is not listed in CISA KEV. An attacker would need to make a request to the plugin’s endpoint that bypasses normal WordPress role checks. No authentication requirement is explicitly mentioned, so the attack likely targets sites with publicly accessible endpoints. Organizations should treat this as an access control issue within WordPress and monitor for unusual plugin activity.