This vulnerability in the UpStream WordPress plugin arises from missing authorization checks, enabling attackers with limited privileges to perform actions beyond their intended access rights. It affects all versions up to 2.1.1. The CVSS 3.1 base score is 4.3, indicating a medium severity with network attack vector, low attack complexity, requiring privileges, no user interaction, and impacting integrity only. There is no evidence of active exploitation or vendor-provided patches at this time.

The vulnerability allows an attacker with some level of privileges to bypass access controls, potentially modifying data or performing unauthorized actions within the plugin. It does not affect confidentiality or availability. No known exploits have been reported, so the immediate risk is limited but could increase if exploited.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, review and tighten access control configurations for the UpStream plugin. Limit user privileges to the minimum necessary to reduce potential exploitation impact.