CVE-2023-45272: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was identified in 10Web Map Builder for Google Maps plugin, tracked as CVE-2023-45272. The vulnerability affects versions through 1.0.73 of the plugin and involves incorrectly configured access control security levels. The issue was initially reported on June 30, 2023, and was publicly disclosed on October 6, 2023 (Patchstack).

The vulnerability is classified as a Broken Access Control issue (CWE-862) where there is a missing authorization check in certain plugin functionality. The vulnerability received a CVSS v3.1 Base Score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L. The issue requires Subscriber-level privileges to exploit (Patchstack).

The vulnerability allows an unprivileged user to execute certain higher privileged actions due to broken access control mechanisms. While classified as having a low severity impact, it could potentially lead to unauthorized actions within the plugin's functionality (Patchstack).

The vulnerability has been fixed in version 1.0.74 of the 10Web Map Builder for Google Maps plugin. Users are advised to update to version 1.0.74 or later to remediate the issue. Additionally, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).