This vulnerability is an authorization bypass issue (CWE-639) in the PPWP plugin by WP Folio Team, specifically involving insecure direct object references (IDOR) in contributor-level functionality. It affects versions up to and including 1.9.19. An attacker with contributor privileges can manipulate user-controlled keys to access or modify resources they should not be authorized to. The CVSS 3.1 vector indicates network attack vector, low complexity, privileges required at the contributor level, no user interaction, unchanged scope, no confidentiality or availability impact, and limited integrity impact. No vendor advisory or patch information is currently available, and no known exploits have been reported.

The vulnerability allows an attacker with contributor-level privileges to bypass authorization controls, potentially leading to unauthorized modification of data (integrity impact). There is no impact on confidentiality or availability. The attack can be performed remotely over the network with low complexity and does not require user interaction.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict contributor privileges where possible and monitor for suspicious activity related to authorization bypass attempts. Avoid granting contributor access to untrusted users.