Impact
The affected component is vulnerable to a classic insecure direct object reference (IDOR) flaw, categorized under CWE-639, which permits an attacker to circumvent authorization checks using a user-controlled key. The flaw allows unauthorized reading or alteration of slideshow images and settings that were intended to be restricted to privileged users. The compromise can lead to unintended disclosure of media, unauthorized modification of site content, or further exploitation of the WordPress installation. The description explicitly notes that the issue arises from incorrectly configured access control security levels, indicating that the authorization mechanism is insufficient for the intended protection.
Affected Systems
Wptexture Image Slider Slideshow, a WordPress plugin, is affected in all releases from the very first version through version 1.8 inclusive. Users running any version in this range are exposed to the bypass.
Risk and Exploitability
The EPSS score for this vulnerability is reported as less than 1 percent, indicating a low probability of exploitation, and it has not been listed in the CISA KEV catalog. Because the flaw is an IDOR, the likely attack vector is remote: an attacker can craft or modify requests containing object identifiers to access restricted resources without authentication. Although the probability of exploitation is low, the potential impact is significant due to the privileged nature of the affected resources, which are integral to the user experience of the site.