The vulnerability is a broken access control flaw in the Nelio Content WordPress plugin versions up to 4.3.4 that allows an unauthenticated or low‑privileged user to perform actions normally reserved for administrators or higher‑privileged roles. This flaw is classified under CWE‑862 and could potentially enable the attacker to modify, delete, or expose content within a WordPress site, leading to confidentiality, integrity, and availability impacts for any site that relies on the plugin for content management.

This weakness affects the Nelio Content plugin for WordPress when the installed version is 4.3.4 or earlier. Any WordPress installation utilizing these plugin versions is vulnerable unless the plugin is upgraded to 4.3.5 or later, which removes the access‑control misuse.

The CVSS score of 4.3 places the vulnerability in the moderate severity range, and no EPSS or KEV data indicates a current presence of exploits. No specific exploit code or known attack vector is documented in the available data, so the risk is mainly theoretical unless an attacker manually tests or leverages the flaw through elevated WordPress privileges. The impact of a successful exploitation would be the unauthorized execution of curated content‑management operations on a target WordPress site.