Depart
Monthly
Missing authorization controls in the DEPART WordPress plugin (versions up to 1.0.7) allow authenticated attackers to access sensitive functionality by exploiting incorrectly configured access control security levels. The vulnerability requires valid user credentials but grants low-confidentiality access through broken authorization checks. While EPSS scoring indicates minimal real-world exploitation probability (0.02%, 4th percentile), the flaw represents a critical architectural weakness in permission enforcement that could enable privilege escalation or data disclosure depending on plugin functionality.
Missing authorization controls in the DEPART WordPress plugin (versions up to 1.0.7) allow authenticated attackers to access sensitive functionality by exploiting incorrectly configured access control security levels. The vulnerability requires valid user credentials but grants low-confidentiality access through broken authorization checks. While EPSS scoring indicates minimal real-world exploitation probability (0.02%, 4th percentile), the flaw represents a critical architectural weakness in permission enforcement that could enable privilege escalation or data disclosure depending on plugin functionality.