CVE-2024-47302: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability (CVE-2024-47302) was discovered in WPManageNinja LLC's Fluent Support WordPress plugin, affecting versions up to 1.8.0. The vulnerability was disclosed on September 25, 2024, and involves broken access control on email verification functionality (Patchstack).

The vulnerability is classified as a Missing Authorization issue (CWE-862) that allows exploiting incorrectly configured access control security levels. The National Vulnerability Database has assigned it a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, while Patchstack rates it with a CVSS score of 5.3 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N (NVD).

The vulnerability could potentially allow unauthorized access to email verification functionality, leading to security control bypass. The discrepancy between NVD's critical rating and Patchstack's medium rating suggests varying assessments of the potential impact (NVD).

The vulnerability has been fixed in version 1.8.1 of the Fluent Support plugin. Users are advised to update to this version or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack).