CVE-2024-1108: 
WordPress vulnerability analysis and mitigation

The Plugin Groups plugin for WordPress (CVE-2024-1108) contains a vulnerability related to unauthorized modification of data due to a missing capability check on the admin_init() function. This security issue affects all versions up to and including 2.0.6, discovered and disclosed on February 20, 2024 (NVD).

The vulnerability stems from a missing capability check in the admin_init() function within the Plugin Groups WordPress plugin. The CVSS v3.1 base score is 8.2 (HIGH) according to NVD assessment, with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H. Wordfence has assigned a slightly lower CVSS score of 6.5 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L (NVD).

The vulnerability allows unauthenticated attackers to modify plugin settings, which can result in a denial of service due to misconfiguration. The impact primarily affects the integrity and availability of the plugin's functionality (NVD).

A patch has been released to address this vulnerability. Users should upgrade to a version newer than 2.0.6 to mitigate the risk (WordPress Patch).