The vulnerability is a missing authorization flaw that allows exploitation of incorrectly configured access control security levels in the Knowledge Base for Documentation, FAQs with AI Assistance plugin. An attacker who can reach the exposed plugin functions may perform actions normally restricted to privileged users, potentially reading, modifying, or deleting content managed through the plugin, thereby compromising data integrity and confidentiality.

WordPress sites that have installed EchoPlugins’ Knowledge Base for Documentation, FAQs with AI Assistance plugin at version 16.011.0 or earlier are affected. The issue originates within the plugin’s internal role checks and applies to all instances where the plugin is active.

The CVSS score of 4.3 indicates a moderate risk level, while the EPSS score of less than 1% shows a very low probability of exploitation at the time of analysis. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is through the web application layer; an attacker with access to the WordPress environment—either via legitimate user credentials or by exploiting a user that has been granted improper privileges—could bypass authorization and access or modify content within the plugin. The weakness is classified as CWE-862 (Missing Authorization), highlighting the nature of the flaw.