Impact
The WPAMS plugin versions prior to 49.5.3 contain a flaw that allows authenticated subscribers to delete arbitrary content. This vulnerability can be exploited to remove posts, pages, or other media created by any user, leading to loss of data and potential disruption of website functionality. The weakness correlates with CWE-862, indicating a privilege escalation flaw where users with limited permissions can perform actions beyond their scope.
Affected Systems
The affected product is the WordPress WPAMS plugin from mojoomla. Users running any version earlier than 49.5.3 are susceptible. No other versions or products are mentioned as impacted.
Risk and Exploitability
The CVSS score of 6.5 places this issue in the medium severity range, while the EPSS score of less than 1% suggests that exploitation is currently uncommon. Because it is not listed in the CISA KEV catalog, there have been no widely known public exploits as of now. An attacker would need to be logged in as a subscriber and exploit the plugin’s deletion endpoint, so the attack surface is limited to authenticated users. Nevertheless, since the flaw lets users delete content beyond their permissions, the potential impact on website integrity is significant.
OpenCVE Enrichment