Impact
The vulnerability is a missing authorization flaw that allows an attacker to bypass intended access controls within the Audier For Elementor WordPress plugin. This broken access control (CWE‑862) can enable unauthorized users to execute actions that should be restricted, potentially escalating privileges within the plugin's functionality. The impact is limited to the scope of the plugin and any WordPress features it exposes, as the description does not indicate broader system compromise.
Affected Systems
WordPress sites running the merkulove Audier For Elementor plugin through version 1.0.9 are affected. The plugin is distributed as a WordPress add‑on, so any site that has it installed and has not upgraded beyond the specified version is exposed.
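To triage an installation against the affected range above, the following added example (not code from the advisory or the vendor) reads the standard WordPress plugin header from a plugin's main file and compares the version numerically against 1.0.9. The header text in `SAMPLE` is constructed, and matching on a Plugin Name containing "audier" is an assumption.

```python
import re

LAST_AFFECTED = (1, 0, 9)   # advisory: affected "through version 1.0.9"
NAME_MATCH = "audier"       # assumption: the header's Plugin Name contains this

# Constructed sample of a plugin main-file header (not the vendor's file).
SAMPLE = """<?php
/**
 * Plugin Name: Audier For Elementor
 * Version: 1.0.9
 */
"""

def header_field(source, field):
    """Read one header field the way WordPress does: first 8 KB, 'Field: value'."""
    pattern = r"^[ \t/*#@]*" + re.escape(field) + r":(.*)$"
    m = re.search(pattern, source[:8192], re.MULTILINE | re.IGNORECASE)
    return m.group(1).strip() if m else None

def version_tuple(version):
    """'1.0.10' -> (1, 0, 10), so 1.0.10 sorts after 1.0.9 (string compare would not)."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break               # stop at a non-numeric component such as 'beta'
        parts.append(int(digits.group()))
    return tuple(parts)

def status(source):
    """Return 'not-target', 'unknown', 'affected' or 'not-affected' for one file."""
    name = header_field(source, "Plugin Name")
    if not name or NAME_MATCH not in name.lower():
        return "not-target"
    version = header_field(source, "Version")
    parsed = version_tuple(version) if version else ()
    if not parsed:
        return "unknown"        # no readable version: review by hand
    # Pad short versions so '1.0' compares as (1, 0, 0).
    padded = parsed + (0,) * (len(LAST_AFFECTED) - len(parsed))
    return "affected" if padded <= LAST_AFFECTED else "not-affected"

if __name__ == "__main__":
    print(status(SAMPLE))
```

Run `status()` over the contents of each plugin main file under the site's plugins directory; treat `unknown` results as needing manual review.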
Risk and Exploitability
The CVSS score of 5.4 classifies this as a moderate‑severity issue, but the EPSS score of less than 1% indicates a very low current exploitation probability. The vulnerability is not listed in the CISA KEV catalog. Likely exploitation would occur by sending crafted HTTP requests to the plugin’s endpoints, assuming the site is publicly accessible and the attacker can discover the plugin’s URL structure. The actual attack vector is inferred from the nature of the broken access control; the CVE description does not provide explicit details of how the flaw is accessed, so defenders should assume the possibility of remote exploitation via the web interface.
OpenCVE Enrichment