CVE-2023-49818: 
WordPress vulnerability analysis and mitigation

The CVE-2023-49818 is a Missing Authorization vulnerability affecting the Webflow Pages WordPress plugin versions through 1.0.8. The vulnerability was discovered by Kévin Mosbahi (Mika) and was publicly disclosed on December 5, 2023. The issue stems from missing authorization controls in the Webflow Pages plugin, which allows exploiting incorrectly configured access control security levels (Patchstack, WPScan).

The vulnerability is classified as CWE-862 (Missing Authorization) and has received a CVSS v3.1 score of 5.3 (Medium). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, indicating that it can be exploited over the network with low attack complexity, requires no privileges or user interaction, and has a limited impact on integrity (Patchstack).

The vulnerability allows unauthenticated attackers to perform unauthorized actions due to a missing capability check on an unknown function. This broken access control issue could potentially lead to unprivileged users executing certain higher privileged actions (WPScan, Patchstack).

The vulnerability has been fixed in version 1.1.0 of the Webflow Pages plugin. Users are advised to update to version 1.1.0 or later to remove the vulnerability. The security issue is considered to have a low severity impact and is unlikely to be exploited (Patchstack).