Impact
This vulnerability is a missing authorization flaw that allows the deletion of any content (such as posts or pages) managed by the Follow My Blog Post plugin. The flaw arises from incorrectly configured access control, so users who should not have deletion privileges can delete content. The weakness corresponds to CWE-862, and the potential impact includes loss of valuable data, compromise of site integrity, and reputational damage.
Affected Systems
WordPress sites that use the Follow My Blog Post plugin from wpweb are affected. Versions through 2.4.0 are vulnerable. The plugin integrates directly into the site's backend. Users and administrators of these sites may be affected if they have granted content modification rights to roles that should not have them.
Risk and Exploitability
The CVSS score of 7.5 indicates a high-severity vulnerability. The EPSS score of less than 1% suggests that, at present, the probability of exploitation is low, and the vulnerability is not listed in CISA's KEV catalog. Exploitation likely requires an attacker to authenticate to the site, possibly via an existing user session or by targeting users with elevated privileges, and then interact with the plugin's interfaces to trigger deletion actions. The attack path is web-based, relying on standard HTTP requests to the plugin's endpoints, and does not require additional system access.
OpenCVE Enrichment