CVE-2024-1710: 
WordPress vulnerability analysis and mitigation

The Addon Library plugin for WordPress contains a critical security vulnerability (CVE-2024-1710) due to a missing capability check on the onAjaxAction function. This vulnerability affects all versions up to and including 1.3.76, allowing authenticated attackers with subscriber-level access or higher to perform unauthorized actions (NVD).

The vulnerability stems from a missing capability check in the onAjaxAction function, which creates a security gap in the authentication mechanism. The severity of this vulnerability has been assessed with a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires low attack complexity and can be exploited remotely with low privileges (NVD).

The vulnerability enables authenticated attackers with subscriber-level access or higher to perform several unauthorized actions, including the ability to upload arbitrary files to the system. This capability could potentially lead to complete system compromise through unauthorized file execution (NVD).

Users should immediately update their Addon Library plugin to a version newer than 1.3.76 if available. If an update is not available, it is recommended to consider disabling the plugin until a security patch is released (NVD).