Impact
The plugin contains a missing authorization flaw: at least one protected action can be reached without the capability check that should gate it. The advisory describes the consequence in CAPEC terms as "exploiting incorrectly configured access control security levels", meaning an attacker with less privilege than intended can invoke functionality that the plugin exposes to WordPress without verifying the caller's rights. Depending on which action is exposed, this can yield unauthorized access to protected content or to administrative functions of the plugin. The defect is classified as CWE‑862, Missing Authorization.
Affected Systems
The issue affects the Contextual Related Posts plugin for WordPress (vendor listed as Ajay) in every version prior to 4.2.2, i.e. the range n/a through 4.2.1. The advisory gives no lower bound, so any site with the plugin installed at a version below 4.2.2 should be treated as affected; the fix is to update to 4.2.2 or later.
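A quick way to triage a fleet of sites against that version range, as an added example that is not part of the advisory or of the plugin's own code. It assumes WP-CLI is installed and that the plugin's WordPress.org slug is `contextual-related-posts`; the version comparison is done field by field in plain POSIX shell so it behaves correctly for releases such as 4.10.0, where a lexical string compare would give the wrong answer.

```shell
#!/bin/sh
# Added example, not the advisory's or the plugin's code.
# Flags an installed Contextual Related Posts plugin older than the fixed release.
# Assumptions: WP-CLI ("wp") is on PATH and the plugin slug is "contextual-related-posts".

FIXED_VERSION="4.2.2"
PLUGIN_SLUG="contextual-related-posts"

# version_lt A B: exit 0 if dotted version A is strictly lower than B.
# Each field is compared numerically; a missing field counts as 0 and any
# non-numeric suffix (e.g. "-beta") is ignored, so "4.2" < "4.2.2" < "4.10.0".
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        if [ "$ai" = "$a" ]; then a=""; else a="${a#*.}"; fi
        if [ "$bi" = "$b" ]; then b=""; else b="${b#*.}"; fi
        ai="${ai%%[!0-9]*}"; bi="${bi%%[!0-9]*}"   # strip non-numeric suffixes
        ai="${ai:-0}"; bi="${bi:-0}"
        if [ "$ai" -lt "$bi" ]; then return 0; fi
        if [ "$ai" -gt "$bi" ]; then return 1; fi
    done
    return 1
}

# is_affected VERSION: exit 0 if VERSION falls in the vulnerable range (< 4.2.2).
is_affected() {
    version_lt "$1" "$FIXED_VERSION"
}

# check_site: query the live WordPress install via WP-CLI and report.
# Run from the WordPress root (or export WP_CLI_PATH / pass --path in $WP_ARGS).
check_site() {
    installed="$(wp plugin get "$PLUGIN_SLUG" --field=version $WP_ARGS 2>/dev/null)" || {
        echo "SKIP: $PLUGIN_SLUG not installed or wp-cli unavailable"
        return 2
    }
    if is_affected "$installed"; then
        echo "AFFECTED: $PLUGIN_SLUG $installed < $FIXED_VERSION (fix: wp plugin update $PLUGIN_SLUG $WP_ARGS)"
        return 1
    fi
    echo "OK: $PLUGIN_SLUG $installed >= $FIXED_VERSION"
    return 0
}

# Only touch the live site when explicitly asked, so the functions can be
# sourced or tested without WP-CLI present.
if [ "${1:-}" = "--check" ]; then
    check_site
fi
```

Run it as `sh check-crp.sh --check` inside each site's document root (or set `WP_ARGS="--path=/var/www/site"`); the exit code is 1 for affected, 0 for patched and 2 when the plugin is absent, which makes it easy to loop over many sites from a deployment host.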
Risk and Exploitability
The EPSS score is below 1% and the vulnerability is not listed in CISA's KEV catalog, so the probability of exploitation in the wild is currently assessed as low. The attack vector is inferred to be ordinary HTTP requests to the plugin's WordPress endpoints; the advisory does not state which action is exposed, whether the caller must be authenticated, or what minimum role is required. If exploited, an attacker could view or modify content controlled by the plugin, affecting confidentiality and integrity but not availability. The practical risk is moderate: a missing capability check is usually simple to trigger once the endpoint is known, so affected installations should be updated to 4.2.2 or later promptly rather than waiting for the EPSS score to change.
OpenCVE Enrichment