The Jegstudio Gutenverse Form plugin contains a missing authorization flaw that allows the exploitation of incorrectly configured access control security levels. The issue enables privileged actions that normally require higher permissions to be performed without the proper verification of user rights, thereby breaking the intended separation of duties. Because the vulnerability is a classic case of broken access control, users may be able to execute operations beyond their required level of authority.

All installations of the Jegstudio Gutenverse Form WordPress plugin from the earliest release through version 2.2.0 are affected, regardless of whether the site uses older or newer WordPress core versions.

The CVSS score of 6.5 indicates a moderate severity. The EPSS score of less than 1% suggests a low probability of exploitation at present, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attack vector likely involves the standard WordPress interface, requiring only that an attacker can reach the site and access the plugin functions, potentially as an unauthenticated user or a user with limited privileges. Exploitation would occur by leveraging the inadequate access controls to carry out higher‑privilege actions.