This vulnerability (CWE-862) in WPDeveloper Essential Blocks for Gutenberg involves missing authorization checks, allowing users with some privileges to perform unauthorized actions. It affects all versions up to 4.4.9. The CVSS 3.1 score of 6.5 reflects a medium severity with network attack vector, low complexity, and no user interaction required. Confidentiality impact is high, but integrity and availability are not affected. No official fix or patch has been disclosed by the vendor, and no known exploits are reported.

An attacker with limited privileges could exploit this missing authorization flaw to access or perform actions that should be restricted, potentially leading to unauthorized disclosure of sensitive information. The impact is limited to confidentiality, with no direct impact on integrity or availability. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict user privileges to the minimum necessary and monitor for unusual activity related to this plugin. Avoid granting elevated privileges to untrusted users. Follow updates from WPDeveloper for any forthcoming patches or mitigations.