CVE-2024-43350: 
WordPress vulnerability analysis and mitigation

An Authorization Bypass Through User-Controlled Key vulnerability was discovered in Propovoice CRM, affecting versions up to 1.7.6.4. The vulnerability was reported by security researcher Manab Jyoti Dowarah and was assigned CVE-2024-43350. This security issue was published on August 16, 2024, and involves an Insecure Direct Object References (IDOR) vulnerability (Patchstack).

The vulnerability is classified as an Insecure Direct Object References (IDOR) issue, which falls under the CWE-639 (Authorization Bypass Through User-Controlled Key) category. It has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating network accessibility with low attack complexity and no privileges required (NVD).

The vulnerability could allow a malicious actor to bypass authorization and authentication mechanisms, potentially leading to unauthorized access to sensitive files, folders, or database interactions. The CVSS score indicates that the primary impact is related to confidentiality, with limited information disclosure possible (Patchstack).

As of the vulnerability disclosure, no official fix is available for this security issue. The vulnerability affects versions up to 1.7.6.4, and users are advised to monitor for updates from the vendor (Patchstack).