Impact
The vulnerable plugin contains a missing authorization flaw: it does not adequately verify that the requesting user is permitted to perform a protected action, so attackers can take advantage of incorrectly configured access control. Because the plugin’s security checks are insufficient, an attacker could gain unauthorized access to protected content or administrative functions within the WordPress site. The defect corresponds to CWE-862, the Common Weakness Enumeration entry for this class of authorization control failure.
Affected Systems
The issue affects all installations of the Ajay Contextual Related Posts plugin at versions earlier than 4.2.2. Any WordPress site running the plugin at such a version is potentially vulnerable: the affected range spans every release from the earliest through the last one before 4.2.2. No specific sub-versions are listed beyond that upper bound.
Risk and Exploitability
The vulnerability carries a CVSS score of 5.3, indicating moderate severity. Its EPSS score is reported as <1%, implying a very low likelihood of exploitation in the near term. The missing authorization checks could be triggered via HTTP requests to the plugin’s endpoints, although the advisory does not fully describe the specific attack path. If successful, an attacker could gain unauthorized access to protected content or administrative features associated with the plugin, compromising confidentiality and integrity. Overall the risk is moderate; even with the low exploitation probability, timely remediation (updating to 4.2.2 or later) remains advisable.
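The advisory does not identify which endpoint lacks the check, so the PHP below is an added illustration (not the plugin’s own code) of how a CWE-862 missing-authorization defect typically appears in a WordPress plugin endpoint and how it is fixed; the route, option, action and function names (crp_demo_*) are invented for this example.

```php
<?php
// Hypothetical plugin endpoint that saves a settings option.
// The names below are invented; they are not from Contextual Related Posts.

// BEFORE (CWE-862): the REST route is reachable by anyone because the
// permission callback unconditionally returns true, and the handler
// never checks the caller's capabilities before writing the option.
add_action( 'rest_api_init', function () {
    register_rest_route( 'crp-demo/v1', '/settings-insecure', array(
        'methods'             => 'POST',
        'callback'            => 'crp_demo_save_settings_insecure',
        'permission_callback' => '__return_true', // missing authorization
    ) );
} );

function crp_demo_save_settings_insecure( WP_REST_Request $request ) {
    update_option( 'crp_demo_limit', absint( $request->get_param( 'limit' ) ) );
    return rest_ensure_response( array( 'ok' => true ) );
}

// AFTER: WordPress evaluates permission_callback before the handler runs.
// Requiring manage_options restricts the route to administrators; for
// cookie-authenticated REST calls core also requires a valid X-WP-Nonce
// before treating the caller as logged in, so anonymous or cross-site
// requests are rejected with 401/403.
add_action( 'rest_api_init', function () {
    register_rest_route( 'crp-demo/v1', '/settings', array(
        'methods'             => 'POST',
        'callback'            => 'crp_demo_save_settings',
        'permission_callback' => function ( WP_REST_Request $request ) {
            return current_user_can( 'manage_options' );
        },
    ) );
} );

// The same option can also be saved via admin-ajax.php; there the handler
// itself must verify the nonce and the capability, since admin-ajax has
// no permission_callback equivalent.
add_action( 'wp_ajax_crp_demo_save', function () {
    check_ajax_referer( 'crp_demo_save', 'nonce' );      // dies on failure
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Insufficient privileges.', 403 );
    }
    update_option( 'crp_demo_limit', absint( $_POST['limit'] ?? 0 ) );
    wp_send_json_success();
} );

function crp_demo_save_settings( WP_REST_Request $request ) {
    $limit = absint( $request->get_param( 'limit' ) );
    update_option( 'crp_demo_limit', $limit );
    return rest_ensure_response( array( 'limit' => $limit ) );
}
```

When reviewing a plugin update for this class of issue, the points to inspect are every `register_rest_route` permission callback and every `wp_ajax_*` / `wp_ajax_nopriv_*` handler for a capability check and a nonce check.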
OpenCVE Enrichment