Multiple Missing Authorization affected this plugin in versions <= 1.1.3.3, all of them have been patched in plugin version 1.1.4. These Missing Authorization issues were registered under multiple CVE IDs (CVE-2023-4938, CVE-2023-4941, CVE-2023-4924, CVE-2023-4943).
A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action.
CVSS score is a way to evaluate and rank reported vulnerabilities in a standardized and repeatable way but which is not ideal for WordPress.
This security issue has a low severity impact and is unlikely to be exploited.
Patchstack has issued a mitigation rule to block any attacks until you have updated to a fixed version.
Update to version 1.1.4 or later to resolve the vulnerability. Patchstack users can turn on auto-update for vulnerable plugins only.