Missing authorization in Premio My Sticky Elements plugin (version 2.3.3 and earlier) allows authenticated users to modify data they should not have access to due to incorrectly configured access control security levels. The vulnerability requires an authenticated attacker with low privileges and carries a CVSS score of 4.3 with low real-world exploitation probability (EPSS 0.04%). No public exploit code or active exploitation has been identified.
Missing Authorization vulnerability in jetmonsters Stratum stratum allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stratum: from n/a through <= 1.6.1.
Cross-site request forgery (CSRF) vulnerability in the Easy Property Listings XML/CSV Import plugin for WordPress (versions <= 2.2.1) allows attackers to perform unauthorized actions on behalf of authenticated administrators without their knowledge or consent. The vulnerability affects the import functionality and carries minimal real-world exploitation risk based on EPSS scoring (0.02%, 5th percentile), indicating low likelihood of automated exploitation despite the CSRF vector requiring no special privileges or authentication from the attacker's perspective.