While this vulnerability can be initiated by the role shown in "Required Privilege", successful exploitation requires a privileged user to perform an action — such as clicking a malicious link, visiting a crafted page, or submitting a form.
This could allow a malicious actor to delete content from your website such as pictures, posts or pages.
CVSS score is a way to evaluate and rank reported vulnerabilities in a standardized and repeatable way but which is not ideal for WordPress.
This security issue has a low severity impact and is unlikely to be exploited.
Patchstack has issued a mitigation rule to block any attacks until you have updated to a fixed version.
Update to version 2.4.2 or later to resolve the vulnerability. Patchstack users can turn on auto-update for vulnerable plugins only.