CVE-2024-38733: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was identified in the Meks Video Importer WordPress plugin, affecting versions up to 1.0.12. The vulnerability was discovered by Majed Refaea and was assigned CVE-2024-38733. The issue stems from missing capability checks in the plugin's functionality, potentially allowing unauthorized access to certain features (Patchstack).

The vulnerability is classified as a Missing Authorization (CWE-862) issue, with a CVSS v3.1 base score of 5.4 (Medium). The vulnerability vector is described as CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L, indicating network accessibility, low attack complexity, and requiring low privileges (Patchstack).

The vulnerability allows unauthenticated attackers to perform unauthorized actions due to incorrectly configured access control security levels. This broken access control issue could potentially lead to unprivileged users executing certain higher privileged actions (WPScan).

The vulnerability has been fixed in version 1.0.13 of the Meks Video Importer plugin. Users are advised to update to this version or later to remediate the issue. Additionally, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).