This vulnerability in Designinvento DirectoryPress (<= 3.6.25) involves missing authorization due to misconfigured access control security levels. It allows unauthorized users to perform certain actions that should be restricted, impacting the integrity of the application. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) indicates network attack vector, low attack complexity, no privileges or user interaction required, unchanged scope, no confidentiality or availability impact, but integrity impact is present. No patch or vendor advisory is currently available to confirm remediation status.

The vulnerability allows unauthorized modification or manipulation of certain application functions, impacting data integrity. Confidentiality and availability are not affected. There are no known exploits in the wild, reducing immediate risk. However, the medium severity score reflects a moderate risk if exploited.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should review and tighten access control configurations where possible to limit unauthorized actions. Monitor for vendor updates or patches addressing this vulnerability.