CVE-2024-47317: 
WordPress vulnerability analysis and mitigation

The WP Quads Ads plugin (Adsense Ads, Banner Ads, Popup Ads) for WordPress contains a Missing Authorization vulnerability affecting versions up to 2.0.84. The vulnerability was discovered by Trương Hữu Phúc and publicly disclosed on September 25, 2024. This security issue has been assigned CVE-2024-47317 and affects the plugin's access control mechanisms (Patchstack, WPScan).

The vulnerability stems from a missing capability check in the quadssendfeedback() function, which allows authenticated users with subscriber-level access or higher to send feedback data without proper authorization. The issue has been assigned a CVSS v3.1 base score of 8.8 (HIGH) by NIST and 4.3 (MEDIUM) by Patchstack. The vulnerability is classified as CWE-862: Missing Authorization and falls under the OWASP Top 10 category A5: Broken Access Control (WPScan).

The vulnerability allows authenticated attackers with subscriber-level access and above to send unauthorized feedback data, potentially leading to information disclosure and unauthorized actions within the plugin's functionality (Patchstack).

The vulnerability has been fixed in version 2.0.85 of the WP Quads Ads plugin. Users are advised to update to this version or later to remediate the security issue (WPScan).