Impact
The CheckView Automated Testing plugin for WordPress contains a flaw classified as CWE‑862 that allows unauthenticated users to reach privileged plugin endpoints and modify data through them. Attackers can send HTTP requests to the plugin’s API without logging in, enabling them to change test configurations, tamper with settings, or read sensitive data stored by the plugin. The CVE description does not state the full extent of potential damage; the impact is bounded by the privileges granted by the plugin’s internal interfaces.
Affected Systems
The vendor is CheckView and the product is the CheckView Automated Testing plugin for WordPress. Versions up to and including 2.1.0 are affected; versions 2.2.0 and later include the fix. No other vendors or products are listed.
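The version boundaries above can be turned into an inventory check. The following is an added example, not code from the vendor or from this advisory: it reads the `Version:` field from a plugin's main PHP file header and classifies it against the stated range. The sample header is constructed, and the function names are hypothetical.

```python
import re

LAST_AFFECTED = (2, 1, 0)  # advisory: versions up to and including 2.1.0
FIRST_FIXED = (2, 2, 0)    # advisory: versions 2.2.0 and later include the fix

# Constructed sample of a WordPress plugin file header (not the real plugin file).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Example Plugin (constructed sample)
 * Version: 2.1.0
 */
"""

def header_version(php_source):
    """Return the Version field from a plugin header comment, or None."""
    # WordPress only scans the first 8 KB of the main plugin file for headers.
    m = re.search(r"^[ \t/*#@]*Version:[ \t]*(\S+)", php_source[:8192], re.M | re.I)
    return m.group(1) if m else None

def parse(version):
    """Parse a purely numeric dotted version into a tuple, else None."""
    if not version or not re.fullmatch(r"\d+(\.\d+)*", version.strip()):
        return None  # suffixes such as -beta1 are not judged
    parts = [int(p) for p in version.strip().split(".")]
    while len(parts) > 3 and parts[-1] == 0:
        parts.pop()          # 2.1.0.0 is the same release as 2.1.0
    while len(parts) < 3:
        parts.append(0)      # 2.1 is the same release as 2.1.0
    return tuple(parts)

def classify(version):
    """Return 'affected', 'fixed' or 'unknown' for a version string."""
    v = parse(version)
    if v is None:
        return "unknown"
    if v <= LAST_AFFECTED:
        return "affected"
    if v >= FIRST_FIXED:
        return "fixed"
    # The advisory says nothing about builds between 2.1.0 and 2.2.0.
    return "unknown"

def status_from_source(php_source):
    """Classify a plugin from the text of its main PHP file."""
    return classify(header_version(php_source))

if __name__ == "__main__":
    print(status_from_source(SAMPLE_HEADER))
```

Versions the advisory does not cover, including pre-release tags and builds between 2.1.0 and 2.2.0, come back as `unknown` so they are reviewed by hand rather than assumed safe.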
Risk and Exploitability
A CVSS score of 7.5 classifies the vulnerability as high severity, indicating a significant risk if exploited. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is unauthenticated HTTP requests to the plugin’s endpoints, which require no prior authentication or privileges. Attackers who can reach the site may exploit this flaw by crafting requests that bypass the plugin’s access checks, potentially disrupting site functionality or altering configuration settings.