Impact
The vulnerability is a missing authorization flaw in the PublishPress Authors WordPress plugin. Where access controls are misconfigured, an attacker can use the plugin to perform actions that are normally restricted to privileged users. The flaw is described as "Incorrectly Configured Access Control Security Levels" and maps to CWE-862 (Missing Authorization), meaning the plugin does not verify that the requesting user is permitted to perform an action before carrying it out. Neither remote code execution nor denial of service is described, so the primary risk is privilege elevation and the resulting ability to alter content or settings within the WordPress site.
Affected Systems
The affected product is the PublishPress Authors WordPress plugin, all versions up to and including 4.10.1, that is, every build from the earliest release through 4.10.1. Any WordPress site running one of these versions is potentially impacted until the plugin is upgraded to a later, fixed release.
Risk and Exploitability
The severity score is 4.3, which falls in the low range on the CVSS scale, and the Exploit Prediction Scoring System score is lower than one percent, indicating a very low likelihood of exploitation in the wild. The vulnerability is not listed in CISA’s Known Exploited Vulnerabilities catalog. According to the description, exploitation requires the attacker to work within the WordPress site’s role-based access model and to obtain a user account with elevated privileges that has been configured to use the plugin. The exact attack vector is not explicitly stated, but it is inferred to involve authenticated interactions with the plugin’s administrative interface. If site administrators have granted the author or editor roles the ability to use this plugin, an attacker who obtains or impersonates such a role could exploit this flaw to tamper with content, users, or other sensitive plugin settings.
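The following is an added illustration of the CWE-862 pattern described in the Impact and Risk and Exploitability sections above; it is not code from PublishPress Authors or from OpenCVE, and the hook names, function names, option key and settings keys are hypothetical. It contrasts a WordPress admin-ajax handler that performs a privileged action for any logged-in user with a hardened version that checks a capability, validates a nonce and sanitises its input, which is the class of check a plugin reviewer would look for when triaging a missing-authorization report.

```php
<?php
// Added example of CWE-862 (Missing Authorization) in a WordPress plugin.
// Hypothetical names throughout; this is not the PublishPress Authors code.

// --- Vulnerable pattern: privileged action with no authorization check ---
// wp_ajax_* hooks fire for ANY authenticated user regardless of role, so a
// Subscriber-level account can reach this handler and rewrite plugin settings.
add_action( 'wp_ajax_example_update_author_settings', 'example_update_author_settings_insecure' );
function example_update_author_settings_insecure() {
    $settings = isset( $_POST['settings'] ) ? (array) $_POST['settings'] : array();
    // No current_user_can(), no nonce, no sanitisation: any logged-in user wins.
    update_option( 'example_author_settings', $settings );
    wp_send_json_success();
}

// --- Hardened pattern: capability check + nonce + input validation ---
add_action( 'wp_ajax_example_update_author_settings_secure', 'example_update_author_settings_secure' );
function example_update_author_settings_secure() {
    // 1. Authorization: require a capability that maps to the intended role.
    //    On a single site, manage_options is held by Administrators only.
    //    wp_send_json_error() terminates the request, so nothing below runs.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 2. CSRF protection: the nonce ties this request to a form rendered for
    //    this user; check_ajax_referer() dies on a missing or invalid nonce.
    check_ajax_referer( 'example_author_settings', '_wpnonce' );

    // 3. Input validation: accept only known keys and sanitise each value.
    $raw     = isset( $_POST['settings'] ) ? (array) wp_unslash( $_POST['settings'] ) : array();
    $allowed = array( 'display_name_format', 'show_bio' ); // hypothetical settings keys
    $clean   = array();
    foreach ( $allowed as $key ) {
        if ( isset( $raw[ $key ] ) ) {
            $clean[ $key ] = sanitize_text_field( $raw[ $key ] );
        }
    }

    update_option( 'example_author_settings', $clean );
    wp_send_json_success( $clean );
}
```

The capability check is the control that CWE-862 is about: a nonce alone only proves the request came from a page WordPress rendered for the current user, not that the user is allowed to perform the action, so both checks are needed. When auditing a plugin, the quick test is to list every `wp_ajax_*`, `admin_post_*` and REST route handler and confirm each privileged one calls `current_user_can()` (or registers a `permission_callback`) with a capability that matches the roles the site actually intends to grant.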
OpenCVE Enrichment