CVE-2024-3627: 
WordPress vulnerability analysis and mitigation

The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress contains a vulnerability (CVE-2024-3627) affecting all versions up to and including 1.1.7. The vulnerability was discovered and disclosed on June 19, 2024, impacting the plugin's AjaxFunctions.php file (NVD).

The vulnerability stems from a missing capability check on several functions in the AjaxFunctions.php file. This security flaw has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L. The vulnerability is classified under CWE-862 (Missing Authorization) (NVD).

The vulnerability allows authenticated attackers with subscriber-level access and above to delete arbitrary posts and modify settings within the WordPress installation. This can lead to unauthorized modification and potential loss of data in the affected WordPress sites (NVD).

Users should upgrade to a version newer than 1.1.7 when available. Until a patch is released, site administrators should carefully review and possibly restrict user roles and permissions to minimize potential exploitation (NVD).