CVE-2024-45453: 
WordPress vulnerability analysis and mitigation

The CVE-2024-45453 is an Authentication Bypass by Spoofing vulnerability discovered in the WordPress Maintenance Redirect plugin. The vulnerability affects versions through 2.0.1 of the plugin and allows unauthorized access to functionality not properly constrained by ACLs. The issue was initially reported on February 19, 2024, and was publicly disclosed on September 16, 2024 (Patchstack).

The vulnerability is classified as CWE-290 (Authentication Bypass by Spoofing) and has received a CVSS v3.1 Base Score of 3.7 (Low) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. This indicates that the vulnerability is network-accessible, requires high attack complexity, needs no privileges, requires no user interaction, has a limited confidentiality impact, and no impact on integrity or availability (Patchstack).

The vulnerability allows attackers to bypass certain restrictions in the code through IP spoofing, potentially gaining unauthorized access to functionality that should be restricted. The impact is considered low severity, with only limited confidentiality breach potential (Patchstack).

The vulnerability has been patched in version 2.1.0 of the Maintenance Redirect plugin. Users are advised to update to version 2.1.0 or later to remove the vulnerability. The security issue is considered to have a low severity impact and is unlikely to be exploited (Patchstack).