The vulnerability is a missing authorization flaw in the Table Block by Tableberg WordPress plugin that allows attackers to perform actions they should not be able to, by exploiting improperly configured access control levels. This weakness permits an attacker to access or manipulate plugin features and data that are intended to be restricted, potentially exposing protected content or allowing unauthorized content modifications. The issue is considered a broken access control problem and does not involve arbitrary code execution or denial of service.

The affected product is the Table Block by Tableberg plugin developed by Imtiaz Rayhan. The vulnerability impacts all releases from the beginning of its availability through version 0.6.9. No specific sub‑versions are listed beyond the maximum affected version.

The CVSS base score of 4.3 indicates a medium severity vulnerability. The EPSS score of less than 1% suggests a very low probability of exploitation as of the current assessment. The vulnerability is not listed in the CISA KEV catalog. Attackers would most likely need to interact with the plugin via a web interface or authenticated session to manipulate access controls, so the attack vector is inferred to be web-based. Because the flaw is an authorization oversight rather than a code injection or buffer overflow, the risk to confidentiality, integrity, or availability depends on the data accessed or modified by the plugin.