The WordPress WP Snow Effect plugin contains a missing authorization check that allows any user to invoke functionality that should be protected by access control lists (CWE‑862). The vulnerability can be used to perform actions beyond the intended scope of a user’s role, such as dismissing notices or accessing internal plugin features. It does not provide a vector for arbitrary code execution but does compromise the integrity of the plugin’s intended access model. The statement that any user—including unauthenticated visitors—can use the functionality is inferred from the description that the flaw exposes unrestricted access, though the CVE text does not explicitly state the authentication level required.

WordPress installations that have the WP Snow Effect plugin version 1.1.19 or earlier are impacted. No further version details are specified beyond the stated cutoff.

The CVSS score of 5.3 indicates moderate severity. An EPSS score of less than 1% suggests a very low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that attackers could exploit this flaw remotely by sending HTTP requests to the plugin’s internal endpoints; no special conditions or elevated privileges beyond the absence of an authorization check are required.