CVE-2024-43932: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in POSIMYTH's The Plus Addons for Elementor Page Builder Lite, affecting versions through 5.6.2. The vulnerability was reported on July 17, 2024, by Rafie Muhammad and was officially published on August 26, 2024. This security issue involves incorrectly configured access control security levels (Patchstack).

The vulnerability is classified as a Broken Access Control issue (CWE-862) with varying CVSS scores. The National Vulnerability Database (NVD) assigned it a HIGH severity score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), while Patchstack rated it as MEDIUM with a score of 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). The vulnerability stems from missing authorization checks that could allow unprivileged users to execute higher privileged actions (NVD, Patchstack).

The vulnerability has been confirmed to be actively exploited in the wild. It allows unauthorized users with subscriber-level privileges to perform actions that should be restricted to users with higher privilege levels. The vulnerability is considered moderately dangerous with high potential for exploitation (Patchstack).

The vulnerability has been fixed in version 5.6.3 of the plugin. Users are strongly advised to update to this version or later immediately. For those unable to update immediately, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks (Patchstack).