The Icegram Collect plugin suffers from a missing authorization vulnerability (CWE-862) that allows attackers with limited privileges to bypass access control restrictions. This vulnerability affects versions up to 1.3.14 and can lead to unauthorized modification or disruption of plugin functionality. The CVSS 3.1 base score is 5.4, reflecting network attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, no confidentiality impact, but integrity and availability impacts. No patch or official remediation level has been provided yet.

Exploitation of this vulnerability can result in unauthorized integrity and availability impacts within the Icegram Collect plugin. Although confidentiality is not affected, attackers with low privileges may perform unauthorized actions that could disrupt normal operations or modify data. There are no known active exploits in the wild currently.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, review and tighten access control configurations for the Icegram Collect plugin to limit exposure. Monitor for updates from the vendor and apply patches promptly once available.