CVE-2024-37218: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in WordPress Page Builder Sandwich – Front-End Page Builder plugin affecting versions up to and including 5.1.0. The vulnerability was reported by security researcher Phill Sav (Savphill) and was publicly disclosed on June 21, 2024. The issue has been assigned CVE-2024-37218 and received a CVSS v3.1 score of 4.3 (Medium) (Patchstack).

The vulnerability is classified as a Missing Authorization (CWE-862) issue that stems from a missing capability check on a function. This security flaw allows authenticated users with Contributor-level access and above to perform unauthorized actions. The vulnerability has been assigned a CVSS v3.1 Base Score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N (WPScan, Patchstack).

The vulnerability allows authenticated attackers with Contributor-level privileges or higher to perform unauthorized actions within the WordPress installation. The impact is considered low severity, with the potential for privilege escalation through broken access control mechanisms (Patchstack).

Currently, there is no official fix available for this vulnerability. The issue affects versions up to and including 5.1.0 of the Page Builder Sandwich plugin (WPScan).