This vulnerability (CWE-862) in WP eMember arises from missing authorization controls, which means the plugin does not properly verify user permissions before granting access to certain functionality or data. The issue affects versions up to 10.2.2. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) indicates that the vulnerability is remotely exploitable without privileges or user interaction, resulting in limited confidentiality impact but no integrity or availability impact. No patch or vendor advisory is currently available to confirm remediation status.

An attacker can exploit this missing authorization vulnerability remotely without authentication or user interaction to gain limited unauthorized access to information within the WP eMember plugin. There is no impact on data integrity or availability. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, review and tighten access control configurations in WP eMember where possible to limit exposure. Monitor vendor channels for updates or patches addressing this issue.