This vulnerability in the wppochipp Pochipp plugin (versions <= 1.18.0) is due to missing authorization checks, which results in incorrectly configured access control security levels. The CVSS 3.1 base score is 5.3 (medium), with network attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, no confidentiality impact, limited integrity impact, and no availability impact. The lack of authorization could allow an attacker to perform unauthorized actions that affect data integrity within the affected system.

The impact is limited to integrity, meaning an attacker could modify or manipulate data or operations without proper authorization. There is no impact on confidentiality or availability. Since no known exploits are reported, the practical risk may be limited until exploitation techniques emerge.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or patch links are provided at this time. Users should monitor vendor communications for updates and consider restricting access or applying compensating controls to limit unauthorized access until a patch is available.