CVE-2023-49845: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability (CVE-2023-49845) was identified in the Loud Dog Redirects WordPress plugin, affecting versions through 1.2.1. The vulnerability was discovered by researcher Skalucy and was publicly disclosed on December 6, 2023. This security issue involves broken access control that could allow unauthorized users to exploit incorrectly configured access control security levels (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. The issue is classified under CWE-862 (Missing Authorization) and represents a broken access control vulnerability that could allow unprivileged users to execute certain higher privileged actions (Patchstack).

The vulnerability is considered moderately dangerous and is expected to become exploited. It allows unprivileged users to perform actions that should be restricted to users with higher privileges, potentially compromising the security of affected WordPress installations (Patchstack).

Currently, no official fix is available for this vulnerability. However, Patchstack has issued a virtual patch to mitigate the issue by blocking potential attacks until an official fix becomes available. Website administrators are advised to implement the mitigation immediately (Patchstack).