CVE-2024-43919: 
WordPress vulnerability analysis and mitigation

A Broken Access Control vulnerability was discovered in YARPP (Yet Another Related Posts Plugin) affecting versions up to 5.30.10. The vulnerability was reported by Rafie Muhammad and disclosed on August 26, 2024, with CVE identifier CVE-2024-43919. The issue was assigned a CVSS v3.1 base score of 5.3 (Medium) by Patchstack, while NIST assessed it with a score of 9.8 (Critical) (Patchstack).

The vulnerability is classified as CWE-862 (Missing Authorization) and involves a broken access control issue that refers to a missing authorization, authentication, or nonce token check in a function. This could potentially allow an unprivileged user to execute certain higher privileged actions. The vulnerability received different severity assessments, with NIST assigning a CVSS v3.1 vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, while Patchstack assessed it as CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N (Patchstack).

The vulnerability has been assessed to have a low severity impact and is considered unlikely to be exploited. However, if successfully exploited, it could allow unauthorized users to perform actions intended for users with higher privileges (Patchstack).

The vulnerability has been fixed in version 5.30.11 of the YARPP plugin. Users are advised to update to version 5.30.11 or later to remove the vulnerability. Patchstack users have the option to enable auto-update for vulnerable plugins (Patchstack).