This vulnerability (CWE-862) in AlphaEfficiencyTeam Custom Login and Registration arises from missing authorization checks, which can lead to unauthorized actions due to improperly configured access control levels. The CVSS 3.1 base score is 5.4, reflecting network attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, no confidentiality impact, but integrity and availability impacts rated low and high respectively. The affected product versions include all up to 1.0.0. No official patch or vendor advisory is currently available to confirm remediation status.

Successful exploitation could allow an attacker with low privileges to perform unauthorized actions that impact the integrity and availability of the affected system. There is no confidentiality impact reported. No known exploits have been observed in the wild so far.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, review and strengthen access control configurations in the affected product to prevent unauthorized actions. Monitor for vendor updates regarding patches or official mitigations.