This vulnerability in WP EasyPay arises from missing authorization checks, which means that certain actions or resources may be accessed or manipulated without proper permission verification. The affected versions include all versions up to 4.2.11. The CVSS 3.1 base score is 5.4, reflecting network attack vector, low attack complexity, requiring low privileges, no user interaction, unchanged scope, no confidentiality impact, but low integrity and high availability impacts. No vendor advisory or patch information is provided, and the product is not a cloud service.

The vulnerability allows an attacker with low privileges to exploit missing authorization controls, potentially causing integrity and availability impacts on the affected WP EasyPay plugin installations. There is no impact on confidentiality. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is available, users should monitor vendor communications for updates. Until a fix is released, consider restricting access to the plugin's administrative functions to trusted users only.