Impact
The vulnerable plugin contains a missing authorization flaw that permits deletion of site content without proper checks. The source data does not explicitly state the type of access required (authenticated or otherwise); it is inferred that authenticated users may be able to delete content because role checks are missing, but unauthenticated access is not confirmed. This weak access control, classified as CWE-862, enables removal of posts, pages, media or other WordPress items, compromising the integrity and availability of site data.
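The flaw class described above (CWE-862 in a delete handler) next to its fix, as an added example that is not code from the Animation Addons for Elementor plugin. The action name `example_delete_item`, the `nonce` and `post_id` request fields and the function names are hypothetical.

```php
<?php
/**
 * Plugin Name: Example authorized delete handler (hypothetical)
 */

// The pattern CWE-862 describes: the handler acts on a caller-supplied ID
// without asking whether the caller is allowed to delete that object.
//
//   function example_delete_item_unchecked() {
//       wp_delete_post( absint( $_POST['post_id'] ), true );
//       wp_send_json_success();
//   }

// Hooked only on wp_ajax_ (logged-in users); there is no wp_ajax_nopriv_ hook.
add_action( 'wp_ajax_example_delete_item', 'example_delete_item' );

function example_delete_item() {
    // 1. Request intent: reject requests that lack a valid nonce (CSRF).
    //    wp_send_json_error() ends the request, so no return is needed.
    if ( ! check_ajax_referer( 'example_delete_item', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce.' ), 403 );
    }

    // 2. Input handling: accept only a positive integer ID of an existing item.
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    if ( 0 === $post_id || null === get_post( $post_id ) ) {
        wp_send_json_error( array( 'message' => 'Unknown item.' ), 404 );
    }

    // 3. Authorization: the per-object meta capability maps to the right
    //    primitive capability for this post type, status and author, so a
    //    low-privileged account cannot delete content it does not own.
    if ( ! current_user_can( 'delete_post', $post_id ) ) {
        wp_send_json_error( array( 'message' => 'Not allowed.' ), 403 );
    }

    // 4. Trash instead of force-deleting, so that with default settings
    //    the item can still be restored.
    if ( ! wp_trash_post( $post_id ) ) {
        wp_send_json_error( array( 'message' => 'Could not trash item.' ), 500 );
    }

    wp_send_json_success( array( 'trashed' => $post_id ) );
}
```

The nonce check alone is not authorization: it only shows the request came from a page the user loaded, which is why the `current_user_can()` check on the specific object is the one that closes a CWE-862 gap.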
Affected Systems
The issue exists in Wealcoder Animation Addons for Elementor versions up to 2.4.5. Any WordPress installation running the plugin at or below this version range is affected. Site administrators should verify the plugin version to determine impact.
Risk and Exploitability
The CVSS score of 6.5 indicates medium severity, while the EPSS score of less than 1% reflects a low current likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Attackers are likely to exploit the flaw by using the plugin’s delete functionality; it is inferred that an authenticated user may access this functionality because role checks are missing, but the level of authentication required is not explicitly confirmed. This broad access could lead to destructive loss of content, so a timely response is recommended.
OpenCVE Enrichment