CVE-2024-0791: 
WordPress vulnerability analysis and mitigation

The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress (versions up to 1.0.8.1) contains a vulnerability identified as CVE-2024-0791. The vulnerability stems from missing capability checks on several functions including wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term. This security issue was disclosed on February 5, 2024 (NVD).

The vulnerability is characterized by missing capability checks in key functions that handle taxonomy term operations. This security flaw has been assigned a CVSS v3.1 base score of 4.3 (Medium severity). The affected functions (wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term) lack proper authorization controls, which should restrict access based on user capabilities (NVD).

The vulnerability allows authenticated attackers with subscriber-level access or higher to perform unauthorized operations on taxonomy terms, including creation, modification, and deletion of terms. This can lead to unauthorized access, modification, or loss of data within the WordPress installation (NVD).

Website administrators running affected versions of the WOLF – WordPress Posts Bulk Editor and Manager Professional plugin should update to a version newer than 1.0.8.1 if available. If an update is not possible, consider restricting access to the affected functions or temporarily disabling the plugin (NVD).