CVE-2023-45271: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was identified in WowStore Team's ProductX – Gutenberg WooCommerce Blocks plugin, tracked as CVE-2023-45271. The vulnerability affects versions through 2.7.8 and involves incorrectly configured access control security levels. The issue was discovered by Abdi Pranata and was publicly disclosed on October 6, 2023 (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The issue is classified as CWE-862 (Missing Authorization) and represents a broken access control vulnerability where authorization checks are missing in certain functions (Patchstack).

The vulnerability allows unprivileged users to execute certain higher privileged actions due to broken access control. The severity is considered low, with only integrity being affected as indicated by the CVSS score (Patchstack).

The vulnerability has been fixed in version 3.0.0 of the plugin. Users are advised to update to version 3.0.0 or later to remediate the issue. Additionally, Patchstack has issued a virtual patch to mitigate this vulnerability by blocking potential attacks until users can update to the fixed version (Patchstack).