CVE-2023-47783: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in Thrive Themes' Thrive Theme Builder affecting versions before 3.24.0. The vulnerability allows authenticated users with subscriber-level access and above to invoke functions intended for higher-privileged users due to missing capability checks (Patchstack, WPScan).

The vulnerability is classified as CWE-862 (Missing Authorization) with a CVSS v3.1 score of 8.3 (High). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H, indicating network accessibility, low attack complexity, and requires low privileges. The issue stems from improper implementation of authorization controls in one of the theme's functions (Patchstack).

The vulnerability allows authenticated attackers with subscriber-level access to execute functions intended for higher-privileged users. While the exact impact is not fully documented, the high CVSS score indicates potential for significant compromise of system confidentiality, integrity, and availability (WPScan).

The vulnerability has been patched in Thrive Theme Builder version 3.24.0. Users are strongly advised to update to this version or later to resolve the security issue. No alternative workarounds have been published (WPScan).