This vulnerability in CouponXxL Custom Post Types (<= 3.0) arises from improper privilege assignment, enabling privilege escalation. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L) indicates that the vulnerability is remotely exploitable without user interaction or privileges, with high impact on confidentiality, low impact on integrity, and low impact on availability. The issue allows an attacker to gain elevated privileges beyond what is intended by the plugin's access controls.

Successful exploitation could lead to unauthorized privilege escalation, potentially allowing attackers to access sensitive data (high confidentiality impact), modify some data (low integrity impact), and cause limited disruption (low availability impact). This could compromise the security posture of affected systems using the vulnerable plugin.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is provided, users should monitor vendor communications for updates. Until a fix is available, consider restricting access to the plugin's functionality or disabling it if feasible to reduce risk.