CVE-2024-32589: 
WordPress vulnerability analysis and mitigation

A broken access control vulnerability has been identified in the WordPress Barcode Scanner with Inventory & Order Manager Plugin versions 1.5.3 and below. The vulnerability was discovered by Maksim Kosenko and was assigned CVE-2024-32589. The issue was reported on January 30, 2024, and publicly disclosed by Patchstack on April 16, 2024 (Patchstack).

The vulnerability is classified as a Broken Access Control issue with a CVSS score of 7.1 (Medium severity). The vulnerability affects users with Subscriber-level privileges and stems from missing authorization, authentication, or nonce token checks in certain functions, potentially allowing unprivileged users to execute higher privileged actions (Patchstack).

The vulnerability is considered moderately dangerous and is expected to become exploited. It could potentially allow unauthorized users to perform actions beyond their intended privilege level. The issue has been confirmed to be actively exploited in the wild (Patchstack).

The vulnerability has been fixed in version 1.5.4 of the plugin. Users are strongly advised to update to this version or later immediately. For temporary mitigation, Patchstack has issued a virtual patch to block potential attacks until users can update to the fixed version (Patchstack).