CVE-2024-43119: 
WordPress vulnerability analysis and mitigation

The Aruba HiSpeed Cache WordPress plugin contains a Missing Authorization vulnerability (CVE-2024-43119) discovered in versions up to and including 2.0.12. The vulnerability was publicly disclosed on August 7, 2024, and affects the plugin's access control security levels (WPScan, Patchstack).

The vulnerability stems from a missing capability check in the ahsctoolbarpurge() function. It has been assigned a CVSS v3.1 score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L. The issue is classified under CWE-862 (Missing Authorization) and falls under the OWASP Top 10 category A5: Broken Access Control ([Patchstack](https://patchstack.com/database/vulnerability/aruba-hispeed-cache/wordpress-aruba-hispeed-cache-plugin-2-0-12-broken-access-control-vulnerability?s_id=cve), WPScan).

The vulnerability allows authenticated attackers with subscriber-level access or higher to perform unauthorized actions, specifically the ability to purge the cache. This represents a broken access control issue that could affect the normal operation of the website's caching system (WPScan).

The vulnerability has been patched in version 2.0.13 of the Aruba HiSpeed Cache plugin. Site administrators are advised to update to this version or later to resolve the security issue (WPScan, Patchstack).