CVE-2024-32799: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in the Easy Property Listings WordPress plugin, affecting versions through 3.5.3. The vulnerability was identified on April 22, 2024, and was assigned CVE-2024-32799. This security issue is related to broken access control in the plugin's functionality (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) by NIST with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, while Patchstack assessed it with a score of 5.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. The vulnerability is classified under CWE-862 (Missing Authorization) (NVD).

The vulnerability represents a broken access control issue where an unprivileged user could potentially execute certain higher privileged actions due to missing authorization, authentication, or nonce token checks (Patchstack).

The vulnerability has been fixed in version 3.5.4 of the Easy Property Listings plugin. Users are advised to update to version 3.5.4 or later to remediate this security issue. Additionally, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).