Impact
Missing Authorization in the Monetag Official Plugin, versions through 1.1.3, allows an attacker to exploit incorrectly configured access control security levels: requests can be processed without the required authorization checks, enabling actions that should be restricted. The weakness is classified as CWE‑862 (Missing Authorization). The CVSS score of 5.4 places the risk in the moderate category, indicating that while exploitation is not trivial, the potential impact on confidentiality, integrity or availability is non‑negligible if the plugin is exposed on the public web.
Affected Systems
WordPress sites running the Monetag Official Plugin (identified as monetagwp:Monetag Official Plugin) with any version from the initial release up to and including 1.1.3. No other version range is listed; every release up to and including 1.1.3 contains the flaw.
Risk and Exploitability
The CVSS score indicates moderate severity, and the EPSS of less than 1% suggests a low probability of exploitation in the wild; the CVE is not listed in the KEV catalog. The vulnerability is exploitable by users who can send crafted HTTP requests to any plugin endpoint that lacks proper authorization checks. An attacker could reach the plugin's administrative functions or backend actions and potentially read or modify data stored by the plugin. Because the flaw lies in the access control logic itself, it can be leveraged without additional privileges or chaining other vulnerabilities in the environment.
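The pattern behind a CWE‑862 finding in a WordPress plugin, as an added illustration that is not the Monetag plugin's code: a REST route registered without a `permission_callback` (or an admin‑ajax action hooked for unauthenticated callers) runs for anyone who can send an HTTP request, while the hardened form decides authorization with `current_user_can()` and a nonce before the handler does any work. The route names, option key, capability and `zone_id` parameter are hypothetical.

```php
<?php
// Added example, not the Monetag plugin's code. The route, option key,
// capability and "zone_id" parameter are hypothetical placeholders.

// --- Weak pattern (CWE-862), shown for comparison only: this function is
// deliberately never hooked. The route has no permission_callback, so
// WordPress treats it as public and runs the callback for any request.
function example_plugin_register_routes_weak() {
    register_rest_route( 'example-plugin/v1', '/settings', array(
        'methods'  => 'POST',
        'callback' => 'example_plugin_save_settings',
        // missing: 'permission_callback' => ...
    ) );
}

// --- Hardened pattern: authorization is evaluated before the callback runs,
// and the input is constrained to what the handler actually expects.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-plugin/v1', '/settings', array(
        'methods'             => 'POST',
        'callback'            => 'example_plugin_save_settings',
        // Only users allowed to manage site options may change settings.
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
        'args' => array(
            'zone_id' => array(
                'required'          => true,
                'sanitize_callback' => 'absint',
            ),
        ),
    ) );
} );

function example_plugin_save_settings( WP_REST_Request $request ) {
    $zone_id = absint( $request->get_param( 'zone_id' ) );
    update_option( 'example_plugin_zone_id', $zone_id );
    return rest_ensure_response( array( 'zone_id' => $zone_id ) );
}

// admin-ajax equivalent: hook only the authenticated action (wp_ajax_*, never
// wp_ajax_nopriv_* for privileged work) and check both the capability and a
// nonce inside the handler, because the hook itself enforces neither.
add_action( 'wp_ajax_example_plugin_save_settings', 'example_plugin_ajax_save_settings' );

function example_plugin_ajax_save_settings() {
    // Capability check: logged in is not the same as authorized.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }
    // Nonce check: stops a forged request riding on an administrator's session.
    check_ajax_referer( 'example_plugin_settings', 'nonce' );

    $zone_id = isset( $_POST['zone_id'] ) ? absint( $_POST['zone_id'] ) : 0;
    update_option( 'example_plugin_zone_id', $zone_id );
    wp_send_json_success( array( 'zone_id' => $zone_id ) );
}
```

When auditing a plugin for this class of flaw, the checks are mechanical: every `register_rest_route()` call must carry a `permission_callback` (since WordPress 5.5 a missing one raises a `_doing_it_wrong` notice but the route still registers as public), every `wp_ajax_nopriv_*` hook must point at a handler that genuinely needs no privilege, and every state‑changing handler must call `current_user_can()` with a capability appropriate to the action rather than relying on the user merely being logged in.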
OpenCVE Enrichment