Impact
The vulnerability resides in the WordPress Frisbii Pay plugin, versions 1.8.2 and earlier, and allows a user with contributor access to gain higher privileges. It is a missing authorization flaw (CWE-862) that leads to privilege escalation: users who are not authorized for an action can elevate their access level within the WordPress environment. The direct consequence is that an attacker can perform actions normally reserved for administrators, such as changing site settings, adding malicious code, or accessing sensitive information.
Affected Systems
This flaw affects sites that use the Frisbii Pay plugin in versions up to and including 1.8.2. The vendor indicates that versions 1.8.2.1 and later contain the fix, so any WordPress site running the plugin should verify the installed version.
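To carry out the version check recommended above, the following added example (not code from the advisory or from the plugin vendor) reads the WordPress `Version:` plugin header and compares it with the fixed release 1.8.2.1, handling the four-component version number. The plugin directory passed to `audit` and the sample header are constructed placeholders, since the advisory does not give the plugin's directory name.

```python
import re
from pathlib import Path

FIXED_VERSION = "1.8.2.1"  # first fixed release, as stated in the advisory

# WordPress takes the plugin version from a "Version:" line in the header
# comment of the plugin's main PHP file.
HEADER_RE = re.compile(
    r"^[ \t/*#@]*Version:[ \t]*([0-9][0-9A-Za-z.\-+]*)", re.M | re.I)

# Constructed sample header, for illustration only.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Example Payment Plugin
 * Version: 1.8.2
 * Requires at least: 6.0
 */
"""


def parse_version(text):
    """Return the Version header value from plugin PHP source, or None."""
    # WordPress only scans the first 8 KiB of the file for headers.
    m = HEADER_RE.search(text[:8192])
    return m.group(1) if m else None


def version_key(v):
    """Map '1.8.2' to (1, 8, 2, 0) so that 1.8.2 sorts before 1.8.2.1."""
    parts = [int(p) for p in re.findall(r"\d+", v)]
    return tuple(parts + [0] * (4 - len(parts)))


def is_affected(v):
    """True when v is older than the fixed release."""
    return version_key(v) < version_key(FIXED_VERSION)


def audit(plugin_dir):
    """Check the top-level PHP files of one plugin directory."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        v = parse_version(php.read_text(encoding="utf-8", errors="replace"))
        if v:
            return v, "AFFECTED" if is_affected(v) else "fixed"
    return None, "unknown"


if __name__ == "__main__":
    v = parse_version(SAMPLE_HEADER)
    print(v, "AFFECTED" if is_affected(v) else "fixed")
```

Numeric comparison matters here: a plain string comparison would rank 1.8.10 below 1.8.2.1 and report a fixed site as affected.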
Risk and Exploitability
The CVSS score of 8.8 ranks this vulnerability as high. is not available, and the case is not listed in the CISA KEV catalog, suggesting a moderate but realistic exploitation probability. The likely attack vector is the plugin's web interface, accessed by users with contributor privileges; the attacker needs to provide crafted input that the plugin processes without adequate privilege checks. Because the plugin is part of the WordPress ecosystem, successful exploitation would grant the attacker control over the site's administrative functions.