CVE-2024-43235: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in MetaBox.Io Meta Box – WordPress Custom Fields Framework, affecting versions up to 5.9.10. The vulnerability was reported on June 21, 2024, and publicly disclosed on August 9, 2024. This security issue is identified as CVE-2024-43235 and relates to broken access control security levels (Patchstack).

The vulnerability is classified as a Missing Authorization (CWE-862) issue. It received a CVSS v3.1 Base Score of 7.1 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs low privileges, and can result in high confidentiality impact with low integrity impact (Patchstack).

The vulnerability is categorized as a broken access control issue, which could allow an unprivileged user to execute certain higher privileged actions. While classified with a CVSS score of 7.1, the actual severity impact is considered low and is unlikely to be exploited (Patchstack).

The vulnerability has been patched in version 5.9.11 of the Meta Box plugin. Users are advised to update to version 5.9.11 or later to remove the vulnerability. Patchstack users have the option to enable auto-updates for vulnerable plugins (Patchstack).