Impact
The vulnerability is an unauthenticated broken access control flaw: the Woostify Sites Library plugin fails to verify that the caller is authorized before exposing restricted functionality or data, so requests that should be limited to authenticated administrators are served without that check. This weakness may enable an attacker to view, modify, or delete content or configurations that should only be available to authenticated administrators, compromising the integrity of the WordPress site. The issue is categorized as CWE-862 (Missing Authorization).
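The following is an added illustration of the CWE-862 pattern in a generic WordPress plugin handler, placed beside its hardened form; it is not code from the Woostify Sites Library plugin, and every function, action and option name in it (example_import, example_active_template, example_import_nonce, the example/v1 route) is hypothetical. It shows where the missing authorization check sits and what a fix looks like, which is what a reviewer or patch-verifier would want to see.

```php
<?php
/**
 * Illustrative example (added here; NOT the Woostify Sites Library code).
 * Shows the CWE-862 "missing authorization" pattern in a generic WordPress
 * plugin and the corrected version. All names below are hypothetical.
 */

// --- Weak pattern: no authorization check -------------------------------
// The handler changes site configuration but never asks who is calling.
// Registering it on wp_ajax_nopriv_* additionally makes it reachable by
// visitors who are not logged in at all.
function example_weak_import_handler() {
    $template = sanitize_text_field( $_POST['template'] ?? '' );
    update_option( 'example_active_template', $template ); // config changed by anyone
    wp_send_json_success( array( 'imported' => $template ) );
}
add_action( 'wp_ajax_example_import', 'example_weak_import_handler' );
add_action( 'wp_ajax_nopriv_example_import', 'example_weak_import_handler' );

// --- Hardened pattern: capability check plus nonce -----------------------
function example_secure_import_handler() {
    // 1. Authorization: only users allowed to manage options may proceed.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }
    // 2. Intent: the nonce ties the request to a page the admin actually loaded
    //    (this is CSRF protection, not a substitute for the capability check).
    check_ajax_referer( 'example_import_nonce', 'nonce' );

    $template = sanitize_text_field( $_POST['template'] ?? '' );
    update_option( 'example_active_template', $template );
    wp_send_json_success( array( 'imported' => $template ) );
}
// Only the authenticated hook; no wp_ajax_nopriv_ registration at all.
add_action( 'wp_ajax_example_import_secure', 'example_secure_import_handler' );

// --- Same principle for a REST route: permission_callback is the gate ----
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/import', array(
        'methods'             => 'POST',
        'callback'            => function ( WP_REST_Request $request ) {
            $template = sanitize_text_field( $request->get_param( 'template' ) );
            update_option( 'example_active_template', $template );
            return rest_ensure_response( array( 'imported' => $template ) );
        },
        // Returning true unconditionally here (e.g. '__return_true') would
        // reproduce the CWE-862 flaw for every anonymous caller.
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
    ) );
} );
```

When auditing a plugin for this class of bug, the quick checks are: every `wp_ajax_nopriv_*` hook and every REST route whose `permission_callback` is `__return_true` should be justified, and every handler that reads or writes options, posts or files should start with a `current_user_can()` test for the capability the action actually requires. On the detection side, requests to `admin-ajax.php` or the plugin's REST namespace from sessions with no logged-in cookie are the signal to watch in web server logs while the patch is rolled out.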
Affected Systems
Affected vendors and products include Dylan Ngo’s Woostify Sites Library plugin for WordPress. Versions up to and including 1.6.2 are impacted. The plugin functions as a component within WordPress installations, and any site running the vulnerable version is at risk.
Risk and Exploitability
The CVSS score of 5.3 indicates moderate severity. No EPSS score is currently available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is the plugin's administrative interface, which the description implies is reachable without authentication. Because the flaw is unauthenticated, an attacker with network access to the site could exploit it without credentials, so the risk depends primarily on whether the plugin's administrative endpoints are publicly exposed.
OpenCVE Enrichment