Impact
The vulnerability is a missing authorization flaw in the Download Alt Text AI WordPress plugin, caused by incorrectly configured access control levels. It permits unauthorized users to bypass normal privilege checks and potentially manipulate or retrieve alternative text information, leading to disclosure or modification of content that should be restricted. The flaw is classified as CWE-862 and results in an elevation of privileges for attackers who can interact with the plugin's interfaces.
Affected Systems
The affected vendor is alttextai, and the affected product is the Download Alt Text AI plugin. All releases from the beginning of its history up to version 1.10.15 are vulnerable. Any WordPress installation running one of these versions is exposed to the access-control issue until a fixed release is applied.
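To find exposed sites, the affected range above can be checked against each site's plugin inventory. The following is an added example, not code from the advisory or the plugin: it assumes inventories in the shape of `wp plugin list --format=json` output, treats 1.10.15 itself as affected, and uses a placeholder slug because the advisory does not give one.

```python
import json
import re

# Last affected release named in the advisory; treated as inclusive (assumption).
LAST_AFFECTED = (1, 10, 15)
# Placeholder: the advisory does not state the plugin's directory slug.
PLUGIN_SLUG = "PLUGIN-SLUG-PLACEHOLDER"


def parse_version(text):
    """Return '1.10.15' as (1, 10, 15), or None when no numeric prefix exists."""
    match = re.match(r"\s*v?(\d+(?:\.\d+)*)", str(text or ""))
    if not match:
        return None
    parts = [int(p) for p in match.group(1).split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # 1.10.15.0 equals 1.10.15
        parts.pop()
    return tuple(parts)


def classify(plugin_list_json, slug=PLUGIN_SLUG):
    """Classify one site's plugin inventory against the advisory's range."""
    for entry in json.loads(plugin_list_json):
        if entry.get("name") != slug:
            continue
        version = parse_version(entry.get("version"))
        if version is None:
            return "unknown-version"  # review by hand rather than assume safe
        # Numeric tuple comparison: 1.9.98 sorts before 1.10.15.
        return "affected" if version <= LAST_AFFECTED else "not-in-range"
    return "not-installed"


def _inventory(name, version):
    """Build one constructed inventory (sample data, not from a real site)."""
    return json.dumps([{"name": name, "status": "active",
                        "update": "none", "version": version}])


# Constructed sample sites; hostnames and versions are illustrative only.
SITES = {
    "site-a.example": _inventory(PLUGIN_SLUG, "1.9.98"),
    "site-b.example": _inventory(PLUGIN_SLUG, "1.10.15"),
    "site-c.example": _inventory(PLUGIN_SLUG, "1.10.16"),
    "site-d.example": _inventory("some-other-plugin", "2.0.0"),
    "site-e.example": _inventory(PLUGIN_SLUG, ""),
}


def audit(sites=SITES):
    """Map each site to its verdict for the advisory's affected range."""
    return {site: classify(raw) for site, raw in sites.items()}
```

A plain string comparison would rank 1.9.98 above 1.10.15 and miss site-a, which is why the versions are compared as numeric tuples.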
Risk and Exploitability
The CVSS score of 5.3 indicates a moderate risk, and the EPSS of less than 1% suggests a very low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog, so that catalog provides no evidence of active exploitation campaigns. An attacker could exploit the flaw by accessing the plugin's endpoints directly through a web browser or via automated scripts if the site allows unauthenticated or low-privilege interaction with the plugin. No additional conditions or remote code execution capabilities are described, so the threat remains primarily an authorization bypass limited to the plugin's functions.
OpenCVE Enrichment