This vulnerability in Ni WooCommerce Product Enquiry plugin (versions up to 4.1.8) arises from missing authorization checks, enabling attackers without privileges to access or invoke functionality that should be protected by ACLs. The CVSS 3.1 score is 7.5 (high), with network attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, no confidentiality impact, high integrity impact, and no availability impact. The lack of proper authorization can lead to unauthorized modification of data or plugin behavior.

The vulnerability allows attackers to perform unauthorized actions that can modify data or functionality within the affected plugin, potentially compromising the integrity of the system using the plugin. There is no impact on confidentiality or availability. No known exploits are currently reported in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is provided, users should monitor the vendor's communications for updates. Until a fix is available, consider restricting access to the plugin's functionality through other means, such as limiting user roles or network access, if feasible.