Flextable
Monthly
FlexTable WordPress plugin (versions up to and including 3.24.0) by WPPOOL contains a missing authorization vulnerability enabling low-privileged authenticated users to perform restricted plugin actions beyond their intended access level, resulting in limited but unauthorized integrity modifications. The flaw stems from CWE-862 (Missing Authorization), where plugin endpoints fail to verify that an authenticated user holds the required WordPress capability before executing privileged operations. No public exploit code exists and this vulnerability is not in the CISA Known Exploited Vulnerabilities catalog; EPSS scoring at 0.03% (8th percentile) confirms negligible likelihood of broad exploitation at this time.
FlexTable WordPress plugin (versions up to and including 3.24.0) by WPPOOL contains a missing authorization vulnerability enabling low-privileged authenticated users to perform restricted plugin actions beyond their intended access level, resulting in limited but unauthorized integrity modifications. The flaw stems from CWE-862 (Missing Authorization), where plugin endpoints fail to verify that an authenticated user holds the required WordPress capability before executing privileged operations. No public exploit code exists and this vulnerability is not in the CISA Known Exploited Vulnerabilities catalog; EPSS scoring at 0.03% (8th percentile) confirms negligible likelihood of broad exploitation at this time.