Impact
This vulnerability is a missing authorization flaw in the Depicter Slider plugin for WordPress that allows an attacker to perform actions normally reserved for privileged users, such as creating, modifying, or deleting slider content. The flaw stems from incorrectly configured access control levels, which can lead to unauthorized manipulation of site assets and thereby affect the integrity and availability of the site. The description gives no evidence of remote code execution or denial of service, so the primary impact is privilege escalation within the WordPress administration interface.
Affected Systems
Averta’s Depicter Slider plugin for WordPress, versions from the earliest release through version 4.0.4, is affected. The plugin is commonly installed on WordPress sites to create and manage image sliders.
Risk and Exploitability
The CVSS score of 6.5 classifies this issue as a moderate risk. The EPSS score of less than 1% indicates that the likelihood of exploitation is currently low, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is the web interface or possibly an exposed API endpoint that controls slider elements; each action requires authentication but is granted to roles that should not have such capabilities. Because exploitation requires legitimate access to the site, the risk from anonymous users is limited, but authenticated attackers with even minimal site access could leverage the flaw to elevate privileges. No specific configuration prerequisites are listed, so the flaw appears to be inherent to the plugin's default access settings.
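To make the flaw class concrete for the impact and attack-vector passages above, here is an illustrative WordPress handler added for this page; it is not Depicter's code, and the hook, route, option and capability names are hypothetical. It shows the pattern behind a missing-authorization bug (an AJAX action and a REST route that only require a logged-in user) next to the hardened form that checks a capability.

```php
<?php
// Illustrative example, not the plugin's own code. Hook, route, option and
// capability names are hypothetical placeholders.

// --- Vulnerable pattern -------------------------------------------------
// wp_ajax_* hooks fire for ANY authenticated user, whatever their role. With
// no capability check, a subscriber-level account can overwrite the slider.
function example_save_slider_vulnerable() {
    $slider = wp_unslash( $_POST['slider'] ?? '' );
    update_option( 'example_slider_data', $slider );  // no authorization check
    wp_send_json_success();
}

// Same mistake on a REST route: permission_callback that always returns true.
function example_register_slider_route_vulnerable() {
    register_rest_route( 'example/v1', '/slider', array(
        'methods'             => 'POST',
        'callback'            => 'example_save_slider_vulnerable',
        'permission_callback' => '__return_true',  // any logged-in user (or anyone)
    ) );
}

// --- Hardened pattern ---------------------------------------------------
// Verify a nonce (CSRF) AND a capability (authorization). The nonce alone does
// not restrict which roles may act; the capability check is what is missing
// in a missing-authorization flaw.
function example_save_slider_hardened() {
    check_ajax_referer( 'example_save_slider', 'nonce' );
    if ( ! current_user_can( 'edit_others_posts' ) ) {  // or a plugin-specific capability
        wp_send_json_error( 'insufficient permissions', 403 );
    }
    $slider = sanitize_textarea_field( wp_unslash( $_POST['slider'] ?? '' ) );
    update_option( 'example_slider_data', $slider );
    wp_send_json_success();
}

function example_register_slider_route_hardened() {
    register_rest_route( 'example/v1', '/slider', array(
        'methods'             => 'POST',
        'callback'            => 'example_save_slider_hardened',
        'permission_callback' => function () {
            return current_user_can( 'edit_others_posts' );
        },
    ) );
}

// A plugin would register only the hardened versions.
add_action( 'wp_ajax_example_save_slider', 'example_save_slider_hardened' );
add_action( 'rest_api_init', 'example_register_slider_route_hardened' );
```

When reviewing a plugin for this class of bug, look at every `wp_ajax_*`, `admin_post_*` and `register_rest_route` handler that writes data and confirm it calls `current_user_can()` (or an equivalent role check) before the write.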
OpenCVE Enrichment