CVE-2024-37506: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in the Charitable Donations & Fundraising Team WordPress plugin versions up to 1.8.1.7. The vulnerability was reported on June 10, 2024, by security researcher Manab Jyoti Dowarah and was publicly disclosed on July 4, 2024. The issue was assigned CVE-2024-37506 and received a CVSS v3.1 score of 5.3 (Medium) (Patchstack).

The vulnerability is classified as a Broken Access Control issue (CWE-862) where the plugin fails to properly implement authorization checks. The vulnerability allows accessing functionality not properly constrained by Access Control Lists (ACLs). The CVSS v3.1 vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, indicating that the vulnerability can be exploited over the network, requires low attack complexity, and needs no privileges or user interaction (Patchstack).

The vulnerability has a low severity impact on affected systems. It primarily affects the integrity of the system with limited potential for unauthorized actions. No confidentiality or availability impacts have been reported (Patchstack).

The vulnerability has been fixed in version 1.8.1.8 of the Charitable plugin. Users are advised to update to this version or later to remediate the security issue. No alternative workarounds have been provided (Patchstack).