CVE-2023-51355: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability (CVE-2023-51355) was discovered in MultiVendorX WC Marketplace plugin versions through 4.0.23. The vulnerability was reported on July 26, 2023, and publicly disclosed on December 26, 2023. This security issue affects WordPress installations using the WC Marketplace plugin (Patchstack).

The vulnerability is classified as a Broken Access Control issue (CWE-862) related to missing authorization checks. It received a CVSS v3.1 base score of 8.2 (High), with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L. The vulnerability allows unauthenticated users to execute higher privileged actions due to improper access control mechanisms (Patchstack).

The vulnerability is considered highly dangerous and expected to become mass exploited. It enables unprivileged users to perform actions that should be restricted to users with higher privileges, potentially compromising the security of affected WordPress installations (Patchstack).

The vulnerability has been patched in version 4.0.24 of the WC Marketplace plugin. Users are strongly advised to update to this version or later immediately. For users unable to update immediately, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks (Patchstack).