Impact
The vulnerability allows a subscriber account in the WordPress Amelia plugin, versions 2.3 and earlier, to gain higher‑level privileges without authorization. This is a privilege escalation flaw classified as CWE‑266. The impact is that an attacker who can log in as a normal subscriber could obtain administrative rights, enabling full control over the plugin and potentially the website content.
Affected Systems
WordPress Amelia plugin, versions 2.3 and earlier, are affected. The plugin is hosted within WordPress installations and the issue exists before any official patch to version 2.4.
Risk and Exploitability
The CVSS score of 8.8 indicates high severity. The EPSS score of less than 1% suggests exploitation is currently unlikely, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires an authenticated subscriber account, implying an attacker must first obtain or assume such credentials. Once authenticated, a privilege escalation path exists that can elevate the attacker to administrative level.
OpenCVE Enrichment