The Booster Extension plugin for WordPress contains a missing authorization vulnerability (CWE-862) in the 'booster_extension_authorbox_shortcode_display' function. This flaw enables unauthenticated attackers to retrieve sensitive information, specifically user email addresses, due to insufficient access control. The issue affects all versions up to and including 1.2.0. The CVSS 3.1 base score is 5.3, reflecting a network attack vector with low complexity and no privileges required, resulting in a confidentiality impact only.

An attacker without authentication can extract sensitive user information, including email addresses, from affected installations of the Booster Extension plugin. This exposure could facilitate further targeted attacks such as phishing. There is no impact on system integrity or availability reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider disabling the vulnerable functionality or the plugin itself to prevent unauthorized data exposure. Monitor the vendor's communications for updates on patches or official mitigations.