CVE-2024-30539: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability (CVE-2024-30539) was discovered in Awesome Support Team's Awesome Support WordPress plugin affecting versions through 6.1.7. The vulnerability was initially reported on November 3, 2023, and publicly disclosed on March 29, 2024 (Patchstack).

The vulnerability is classified as a Missing Authorization (CWE-862) issue, which represents a broken access control vulnerability. It received a CVSS v3.1 base score of 9.8 (CRITICAL) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, while Patchstack assigned a medium severity score of 5.3 with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (Patchstack).

The broken access control vulnerability could allow an unprivileged user to execute certain higher privileged actions. The vulnerability is considered moderately dangerous and is expected to become exploited (Patchstack).

The vulnerability has been fixed in version 6.1.8 of the Awesome Support plugin. Users are advised to update to version 6.1.8 or later immediately. Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).