CVE-2024-37269: 
WordPress vulnerability analysis and mitigation

The Masterstudy Elementor Widgets WordPress plugin contains a Missing Authorization vulnerability (CVE-2024-37269) that affects versions up to and including 1.2.2. The vulnerability was discovered by Rafie Muhammad and publicly disclosed on June 27, 2024. This security issue allows unauthenticated attackers to exploit incorrectly configured access control security levels (Patchstack, WPScan).

The vulnerability is classified as CWE-862 (Missing Authorization) and has received a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The issue stems from a missing capability check on a function that allows unauthenticated attackers to perform unauthorized actions (Patchstack).

The vulnerability allows unauthenticated attackers to perform unauthorized actions due to broken access control, potentially leading to information disclosure with low confidentiality impact (Patchstack).

The vulnerability has been patched in version 1.2.3 of the Masterstudy Elementor Widgets plugin. Users are advised to update to this version or later to resolve the security issue (WPScan).