A missing authorization flaw in the Secure Copy Content Protection and Content Locking plugin allows an attacker to manipulate or bypass the plugin’s access control settings. This defect enables an unauthorized user to grant or alter permissions that should be restricted to administrators, potentially exposing protected content or enabling further exploitation. The weakness is classified as an improper authorization issue.

The vulnerability impacts WordPress installations that use the Ays Pro Secure Copy Content Protection and Content Locking plugin, versions n/a through 5.0.0 inclusive. Users should verify the installed version and upgrade if necessary.

The CVSS score of 4.3 indicates moderate severity, while the EPSS score of less than 1% suggests a very low probability of exploitation at this time. The issue is not listed in the CISA KEV catalog, reducing its prominence among known exploited vulnerabilities. However, because the flaw permits unauthorized manipulation of access controls, it could facilitate escalation of privileges or data exposure if an attacker can reach the affected plugin endpoints. The attack vector is inferred to be web-based, requiring the ability to craft requests to plugin-specific URLs or administrative interfaces.